Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.114 exploits
Exploit-DB
YAMCS yamcs-core 5.12.7 - No Rate Limiting
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir ↗GitHub PoC★ 7
Notepad++ RCE via config.xml commandLineInterpreter
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir ↗GitHub PoC
Python POC, Exploit for CVE-2026-29000
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir ↗GitHub PoC★ 7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RIESGO
abrir ↗VulnCheck XDB
initial-access
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir ↗GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
Yamcs: Unauthorized user enumeration via IAM API endpoints
30RIESGO
abrir ↗VulnCheck XDB
initial-access
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir ↗GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir ↗GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RIESGO
abrir ↗GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RIESGO
abrir ↗GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir ↗VulnCheck XDB
initial-access
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RIESGO
abrir ↗GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir ↗GitHub PoC★ 1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RIESGO
abrir ↗Exploit-DB
Langflow 1.3.0 - Remote Code Execution
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir ↗GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RIESGO
abrir ↗GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RIESGO
abrir ↗GitHub PoC★ 2
akashsingh0454/CVE-2026-0257-PoC
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.