Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
71.114 exploits
GitHub PoC
Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability
CVE-2024-34102CRITICALbajo ataque25 may 2026
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47102HIGH25 may 2026
LiteLLM < 1.83.10 Privilege Escalation via User Update
41RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL25 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling.
CVE-2014-0160HIGHbajo ataque25 may 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2024-34102CRITICALbajo ataque25 may 2026
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir
GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALbajo ataqueransomware25 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
CVE-2026-38427HIGH25 may 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RIESGO
abrir
GitHub PoC1
Repository for studying the CVE-2026-42945 vulnerability in nginx < 1.30
CVE-2026-42945CRITICAL25 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Critical vulnerability in Siemens RuggedCom ROS devices allowing attackers to derive a hidden factory account password from the device MAC address and gain unauthorized administrative access via TELNET, rsh, or serial interfaces. Affects ROS 3.10.x and earlier.
CVE-2012-180325 may 2026
RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Ad
50RIESGO
abrir
GitHub PoC
Multi-language PoC (Python · Go · JS · C) and technical documentation for CVE-2025-63353, a critical predictable-default-PSK vulnerability in FiberHome HG6145F1 GPON ONT devices.
CVE-2025-63353CRITICAL25 may 2026
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RIESGO
abrir
GitHub PoC
This is POC repo for CVE-2026-48188
CVE-2026-48188CRITICAL25 may 2026
SQL Injection via MySQL Quote Method
48RIESGO
abrir
GitHub PoC29
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
CVE-2026-0091HIGH25 may 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RIESGO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-42880
CVE-2026-42880CRITICAL25 may 2026
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RIESGO
abrir
GitHub PoC1
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware25 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2020-1938CRITICALbajo ataque25 may 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC
This is POC repo for CVE-2026-48208
CVE-2026-48208MEDIUM25 may 2026
Denial-of-Service via SVG Rendering in Ticket
33RIESGO
abrir
GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 may 2026
net/rds: reset op_nents when zerocopy page pin fails
41RIESGO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47101HIGH25 may 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware25 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Manual, non-Metasploit authenticated Remote Code Execution (RCE) exploit via the browser URL bar for Webmin 1.580 (CVE-2012-2982)
CVE-2012-298225 may 2026
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid
50RIESGO
abrir
GitHub PoC
A proof of concept for CVE 2024 23113 inspired by WatchTowr's article.
CVE-2024-23113CRITICALbajo ataque25 may 2026
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.
90RIESGO
abrir
GitHub PoC
notthemystery/CVE-2026-20700-POC-that-ll-never-work
CVE-2026-20700HIGHbajo ataque25 may 2026
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RIESGO
abrir
GitHub PoC
Tomcat AJP文件读取/包含漏洞
CVE-2020-1938CRITICALbajo ataque25 may 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
CVE-2019-905324 may 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC
mein-0/cve-2026-29923
CVE-2026-29923HIGH24 may 2026
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware24 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
CVE-2026-41940CRITICALbajo ataqueransomware24 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware24 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
CVE-2026-43284HIGH24 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
anteriorpágina 45 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.