Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 may 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RIESGO
abrir
GitHub PoC
Detection rules for CVE-2026-23918 Apache http2 RCE - Credit: stringa.ai, isec.pl
CVE-2026-23918HIGH08 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
GitHub PoC6
Simple Ansible Playbook to mitigate against CopyFail (CVE-2026-31431) and DirtyFrag (CVE-2026-43284) vulnerabilities.
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-31431 ("Copy Fail") vulnerability detector & exploit on Astra linux 1.7.6 with 3.7+ python
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Morton-Li/copy-fail-CVE-2026-31431
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Kernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-31431 in C for aarch64 and amd64
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Linux Kernel Local Privilege Escalation
CVE-2026-31431HIGHbajo ataque08 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Full black-box penetration test against SecOS:1 (VulnHub) — CSRF exploitation, privilege escalation via CVE-2015-1328 (OverlayFS), post-exploitation
CVE-2015-132808 may 2026
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RIESGO
abrir
GitHub PoC12
A proof-of-concept demonstrating how a default, unprivileged Kubernetes Pod can achieve node-level code execution on Amazon EKS by exploiting the Dirty Frag (CVE-2026-43284) Linux kernel page-cache corruption vulnerability through shared container image layers.
CVE-2026-43284HIGH08 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-3844-Lab
CVE-2026-3844CRITICAL08 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
CVE-2026-41940CRITICALbajo ataqueransomware08 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.
CVE-2023-4863HIGHbajo ataque08 may 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RIESGO
abrir
GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Math.js Expression Parser RCE
CVE-2026-40897HIGH07 may 2026
Math.js: Unsafe object property setter in mathjs
41RIESGO
abrir
GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC2
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
CVE-2026-38360CRITICAL07 may 2026
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execut
43RIESGO
abrir
GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
CVE-2026-44590CRITICAL07 may 2026
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RIESGO
abrir
GitHub PoC
CVE-2026-3844
CVE-2026-3844CRITICAL07 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
CVE-2026-38361HIGH07 may 2026
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RIESGO
abrir
GitHub PoC
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2025-6440
CVE-2025-6440CRITICAL07 may 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC1
CVE-2026-23918 Apache mod_http2 Double-Free Detector
CVE-2026-23918HIGH07 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
GitHub PoC1
CVE-2026-31431 Copy Fail
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
julichaan/CVE-2026-31431-python-copyfail-POC
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
CVE-2026-41940CRITICALbajo ataqueransomware07 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
borahll/CVE-2021-21220
CVE-2021-21220HIGHbajo ataque07 may 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir
GitHub PoC3
One-liner Python LPE for CVE-2026-31431 (CopyFail2). No compilation, no dependencies beyond Python+OpenSSL. Just curl | python3 and get root on Linux 6.5+.
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
Automatic script written in python for CVE-2009-3999
CVE-2009-399907 may 2026
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to ex
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.