Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.114 exploits
GitHub PoC★ 1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir ↗GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir ↗GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗GitHub PoC
A Marp slide deck about CVE-2025-53770
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RIESGO
abrir ↗GitHub PoC
CVE-2026-35616 - Draft
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir ↗GitHub PoC★ 1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir ↗GitHub PoC★ 6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RIESGO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RIESGO
abrir ↗GitHub PoC★ 10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir ↗GitHub PoC★ 1
funixone/EXPLOIT-CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir ↗Exploit-DB
scramble - Remote Code Execution
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RIESGO
abrir ↗Exploit-DB
EspoCRM 9.3.3 - SSRF
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RIESGO
abrir ↗GitHub PoC
lwd3c/CVE-2026-47342
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RIESGO
abrir ↗GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RIESGO
abrir ↗GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
thinhap/CVE-2026-9082-PoC
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir ↗VulnCheck XDB
initial-access
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893
33RIESGO
abrir ↗GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172
41RIESGO
abrir ↗GitHub PoC
SSRF Discovered in Mercator
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RIESGO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗GitHub PoC
mein-0/cve-2026-0828
Kernel driver vulnerability in Safetica Endpoint Client
41RIESGO
abrir ↗GitHub PoC★ 1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.