Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC20
azefzafyoussef/CVE-2026-34621
CVE-2026-34621HIGHbajo ataque12 may 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RIESGO
abrir
GitHub PoC
Are you get Tanstack Supply chain attack attack of 5/11? CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
Semgrep rules that flag header-trust auth bypass patterns (CVE-2025-29927 class). Companion to bk-security.github.io.
CVE-2025-29927CRITICAL12 may 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
lamaper/CVE-2026-52200
CVE-2026-52200CRITICAL12 may 2026
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax
28RIESGO
abrir
GitHub PoC
CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3
CVE-2010-203912 may 2026
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac
23RIESGO
abrir
GitHub PoC2
Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script
CVE-2026-45185CRITICAL12 may 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RIESGO
abrir
GitHub PoC
vutiendat323/CVE-2021-44228_Log4Shell
CVE-2021-44228CRITICALbajo ataqueransomware12 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
CVE-2024-28397MEDIUM12 may 2026
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir
GitHub PoC1
oen liner CVE-2026-31431 test. Created 'sandbox' on sudo user and tests if ir can escape to root
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
CVE-2026-29000 – pac4j-jwt Authentication Bypass (🔥 CVSS 10.0). One-click admin forge via public key JWE wrapping. Leaks configs, users, secrets. Keep-alive, proxy, custom JWKS.⚙️ Educational PoC Exploit tool.
CVE-2026-29000CRITICAL12 may 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RIESGO
abrir
GitHub PoC
cve-2024-21413
CVE-2024-21413CRITICALbajo ataque12 may 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
CVE-2023-4220 — Unauthenticated file upload RCE in Chamilo LMS ≤ 1.11.24. OSCP-style and auto exploit.
CVE-2023-4220HIGH12 may 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir
GitHub PoC
CVE-2026-43284的rust版本实现
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8023HIGH11 may 2026
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RIESGO
abrir
GitHub PoC68
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
CVE-2026-34486HIGH11 may 2026
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RIESGO
abrir
GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
CVE-2026-33657MEDIUM11 may 2026
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RIESGO
abrir
GitHub PoC3
Arbitrary command execution on Cockpit
CVE-2026-4802HIGH11 may 2026
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RIESGO
abrir
GitHub PoC1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
CVE-2023-38831HIGHbajo ataqueransomware11 may 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
CVE-2026-10288MEDIUM11 may 2026
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RIESGO
abrir
GitHub PoC
SSTI contact form to rce
CVE-2026-4257CRITICAL11 may 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
CVE-2026-10290MEDIUM11 may 2026
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RIESGO
abrir
GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
CVE-2026-23918HIGH11 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
CVE-2026-6274CRITICAL11 may 2026
Authentication Bypass in DTS Electronics' Redline WR3200
28RIESGO
abrir
GitHub PoC1
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC14
CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10289-XSS
CVE-2026-10289MEDIUM11 may 2026
code-projects Hotel and Tourism Reservation System tour.php cross site scripting
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.