Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC3
CVE-2026-33825
CVE-2026-33825HIGHbajo ataqueransomware18 may 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RIESGO
abrir
GitHub PoC4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
CVE-2026-33824CRITICAL18 may 2026
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RIESGO
abrir
GitHub PoC6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
暂无
CVE-2026-39636MEDIUM18 may 2026
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RIESGO
abrir
GitHub PoC
a.k.a. React2Shell
CVE-2025-55182CRITICALbajo ataqueransomware18 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
CVE-2026-0265HIGH17 may 2026
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RIESGO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC3
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
CVE-2026-31431HIGHbajo ataque17 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
MuharremK0/Info-Sys-Security-CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware17 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Linux kernel root exploit
CVE-2026-46300HIGH17 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC3
🛡️ Script to test for NGINX CVE-2026-42945
CVE-2026-42945CRITICAL17 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC35
CVE-2026-46333
CVE-2026-46333HIGH17 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
CVE-2023-2825CRITICAL17 may 2026
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RIESGO
abrir
GitHub PoC1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
CVE-2026-42945CRITICAL17 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
CVE-2026-8181CRITICAL17 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC
Authenticated RCE PoC for Flowise version <= 3.0.5 via CustomMCP Node (CVE-2025-59528)
CVE-2025-59528CRITICAL17 may 2026
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
GitHub PoC
DFIR investigation + 7 Suricata rules on a simulated NexaCorp intrusion (vsftpd 2.3.4 CVE-2011-2523 + MITRE Caldera C2). 4-day solo engagement (BeCode Brussels Mission 01). 54-page report, 10 findings, 7/7 rules validated by PCAP replay.
CVE-2011-252317 may 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
CVE-2026-8181CRITICAL17 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC1
usmansec/-CVE-2021-4034
CVE-2021-4034HIGHbajo ataque17 may 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
CVE-2026-46333HIGH17 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
CVE-2026-46333HIGH16 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC
Estudio del bug CVE-2026-31431
CVE-2026-31431HIGHbajo ataque16 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
CVE-2026-41940CRITICALbajo ataqueransomware16 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 may 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RIESGO
abrir
GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
CVE-2026-42945CRITICAL16 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
Technical PoC for CVE-2025-59528 (Flowise < 3.0.5), demonstrating authenticated RCE through customMCP mcpServerConfig injection, with clear bilingual documentation and reproducible steps for authorized security testing.
CVE-2025-59528CRITICAL16 may 2026
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir
GitHub PoC13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
CVE-2026-46529HIGH16 may 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.