Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 may 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RIESGO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
A Marp slide deck about CVE-2025-53770
CVE-2025-53770CRITICALbajo ataqueransomware28 may 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWbajo ataque28 may 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RIESGO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALbajo ataque28 may 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-31431HIGHbajo ataque28 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 may 2026
NGINX ngx_http_ssl_module vulnerability
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL28 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 may 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 may 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RIESGO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 may 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RIESGO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 may 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RIESGO
abrir
Exploit-DB
scramble - Remote Code Execution
CVE-2026-44262CRITICALwebappsphp27 may 2026
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RIESGO
abrir
Exploit-DB
EspoCRM 9.3.3 - SSRF
CVE-2026-33534MEDIUM27 may 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RIESGO
abrir
GitHub PoC
CVE-2026-45659
CVE-2026-45659HIGHbajo ataque27 may 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 may 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RIESGO
abrir
GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
CVE-2026-49344HIGH27 may 2026
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RIESGO
abrir
GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
CVE-2026-9082CRITICALbajo ataque27 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
thinhap/CVE-2026-9082-PoC
CVE-2026-9082CRITICALbajo ataque27 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
CVE-2026-45659HIGHbajo ataque27 may 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2017-1161027 may 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux27 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893MEDIUM27 may 2026
CVE-2026-4893
33RIESGO
abrir
GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172HIGH27 may 2026
CVE-2026-5172
41RIESGO
abrir
GitHub PoC
SSRF Discovered in Mercator
CVE-2026-49345MEDIUM27 may 2026
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux27 may 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
GitHub PoC
mein-0/cve-2026-0828
CVE-2026-0828HIGH27 may 2026
Kernel driver vulnerability in Safetica Endpoint Client
41RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL27 may 2026
Ghost has a SQL Injection in its Content API
75RIESGO
abrir
GitHub PoC1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
CVE-2026-48710MEDIUM27 may 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
anteriorpágina 42 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.