Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.086 exploits
GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
CVE-2025-20333CRITICALbajo ataque16 may 2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RIESGO
abrir
GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
CVE-2026-42154HIGH15 may 2026
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RIESGO
abrir
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC
Este proyecto tiene como objetivo demostrar de forma práctica el funcionamiento del exploit Dirty COW (CVE-2016-5195), una vulnerabilidad crítica del en el kernel de Linux. Se simula un escenario realista en el que un atacante con acceso local limitado a un sistema sin parchear logra escalar sus privilegios hasta obtener acceso completo como root.
CVE-2016-5195HIGHbajo ataque15 may 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RIESGO
abrir
GitHub PoC
Tester for CVE-2026-43284
CVE-2026-43284HIGH15 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Toshiba Qiomem.sys vulnerable driver POC (CVE-2026-56129)
CVE-2026-56129MEDIUM15 may 2026
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insuf
33RIESGO
abrir
GitHub PoC
CVE-2026-44338
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
GitHub PoC4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
CVE-2026-42897HIGHbajo ataque15 may 2026
Microsoft Exchange Server Spoofing Vulnerability
71RIESGO
abrir
GitHub PoC75
NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC
Centralized Wazuh SCA Assessment for CVE-2026-42945 on NGINX Servers
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
permite a un atacante remoto no autenticado leer archivos arbitrarios del sistema afectado mediante una inyección de XML External Entity (XXE)
CVE-2026-20224HIGH15 may 2026
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
41RIESGO
abrir
GitHub PoC
Medaz-Sploit/CVE-2025-9074-Docker-Desktop-API-Escape-PoC
CVE-2025-9074CRITICAL15 may 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir
GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
CVE-2026-0770CRITICAL15 may 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir
GitHub PoC4
jelasin/CVE-2026-42945
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
forxiucn/nginx-cve-2026-42945-poc
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC6
Automated exploitation scanner for Oracle Reports Server (rwservlet) — CVE-2012-3152 / CVE-2012-3153. Detects, fingerprints, reads files via LFI, tests SSRF via webhook, and uploads JSP shells. Targets Oracle Reports < 11g. For authorized use only.
CVE-2012-3152CRITICALbajo ataque15 may 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RIESGO
abrir
GitHub PoC1
CVE-2026-42945: nginx-rift vulnerability analysis and detection script
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
VsFTPd 2.3.4 Backdoor Command Execution
CVE-2011-252315 may 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC3
Behavioral detection script for CVE-2026-42945 (NGINX Rift) — heap overflow in ngx_http_rewrite_module. No RCE, crash-based detection only.
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC3
In‑depth technical analysis of CVE‑2026‑41096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.
CVE-2026-41096CRITICAL15 may 2026
Windows DNS Client Remote Code Execution Vulnerability
48RIESGO
abrir
GitHub PoC6
Nuclei templates for detecting CVE-2026-44578 (Next.js WebSocket Upgrade SSRF) with multi-cloud metadata validation, Next.js fingerprinting, and real-world scanning workflows. Includes references to the original NextSSRF research and exploit tooling.
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC18
Script Python para detecção de instâncias Nginx vulneráveis ao CVE-2026-42945 em IPs, CIDRs e ASNs.
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Educational environment for LTAT.04.022 Homework 4.
CVE-2023-44487HIGHbajo ataque15 may 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir
GitHub PoC
Astianjy/CVE-2026-42203
CVE-2026-42203HIGH15 may 2026
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
41RIESGO
abrir
GitHub PoC2
Working PoC for CVE-2025-32432 - Craft CMS <= 5.6.16 unauthenticated RCE via Yii2 PhpManager gadget + nginx access.log poisoning
CVE-2025-32432CRITICALbajo ataque15 may 2026
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
GitHub PoC
byezero/nginx-cve-2026-42945-check
CVE-2026-42945CRITICAL15 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
tocong282/CVE-2026-44578-PoC
CVE-2026-44578HIGH15 may 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
GitHub PoC
xd20111/CVE-2026-43284
CVE-2026-43284HIGH15 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.