Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
CVE-2026-1830CRITICAL29 may 2026
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 may 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
30RIESGO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 may 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RIESGO
abrir
Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
CVE-2026-34474HIGHlocalmultiple29 may 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir
Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
CVE-2026-34473HIGHlocalmultiple29 may 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGHlocallinux29 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
CVE-2026-42471HIGHwebappsphp29 may 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux29 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
Exploit-DB
Microsoft - NTLMv2 Hash Capture
CVE-2026-32202MEDIUMbajo ataque29 may 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
Exploit-DB
MikroORM 7.0.13 - SQL Injection
CVE-2026-44680HIGHwebappsmultiple29 may 2026
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHbajo ataque29 may 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir
GitHub PoC1
writeup
CVE-2026-8697HIGH29 may 2026
Improper Authentication Rate Limiting on TP-Link's Archer C64
41RIESGO
abrir
GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque29 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 may 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2023-26083LOWbajo ataque28 may 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RIESGO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 may 2026
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-8380
CVE-2026-8380MEDIUM28 may 2026
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RIESGO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWbajo ataque28 may 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RIESGO
abrir
GitHub PoC
aarch64 and x64 python POC
CVE-2026-31431HIGHbajo ataque28 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALbajo ataque28 may 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 may 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
48RIESGO
abrir
GitHub PoC
EXPLOIT CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
GitHub PoC1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
CVE-2026-43494HIGH28 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
krishnadevpmelevila/CVE-2026-39292
CVE-2026-39292HIGH28 may 2026
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RIESGO
abrir
GitHub PoC
This script safely checks the local version of the LiteSpeed cPanel plugin to determine if the system is running a version vulnerable to CVE-2026-48172. It does not send exploits or interact with network endpoints maliciously.
CVE-2026-48172CRITICALbajo ataque28 may 2026
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RIESGO
abrir
anteriorpágina 41 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.