Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.114 exploits
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗VulnCheck XDB
local
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir ↗VulnCheck XDB
initial-access
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir ↗GitHub PoC
Dungsocool/CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir ↗Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir ↗GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir ↗VulnCheck XDB
initial-access
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗VulnCheck XDB
initial-access
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗VulnCheck XDB
initial-access
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RIESGO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir ↗GitHub PoC★ 2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RIESGO
abrir ↗GitHub PoC★ 1
POC_CVE-2026-42589
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir ↗VulnCheck XDB
initial-access
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RIESGO
abrir ↗GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
SourceCodester Pharmacy Sales and Inventory System 1.0 - Vulnerable source code for CVE-2026-7392 SQL Injection
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
33RIESGO
abrir ↗GitHub PoC★ 7
Notepad++ RCE via config.xml commandLineInterpreter
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗Exploit-DB
Notepad++ 8.9.6 - Arbitrary Code Execution
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RIESGO
abrir ↗GitHub PoC
CVE-2026-39987 - Draft
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir ↗GitHub PoC★ 7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir ↗GitHub PoC
PHP poc, exploit for CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir ↗GitHub PoC
CVE-2025-10162 Exploit
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RIESGO
abrir ↗GitHub PoC
Python POC, Exploit for CVE-2026-29000
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir ↗GitHub PoC
CVE-2026-0257 - PAN-OS
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.