Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC1
CVE-2026-31431 Copy Fail
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-3844
CVE-2026-3844CRITICAL07 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC2
Math.js Expression Parser RCE
CVE-2026-40897HIGH07 may 2026
Math.js: Unsafe object property setter in mathjs
41RIESGO
abrir
GitHub PoC
Vulnerability Research and Exploit for CVE-2019-10149
CVE-2019-10149CRITICALbajo ataque07 may 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RIESGO
abrir
GitHub PoC2
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
CVE-2026-38360CRITICAL07 may 2026
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execut
43RIESGO
abrir
GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
CVE-2026-31431HIGHbajo ataque07 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC12
mitigation of cve-2026-31431 using ftrace
CVE-2026-31431HIGHbajo ataque06 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
Exploit CVE-2026-31431 on Linux using a Rust implementation to achieve local privilege escalation via an arbitrary page cache write primitive.
CVE-2026-31431HIGHbajo ataque06 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Analysis of network scan results, service vulnerabilities, OS fingerprinting, and critical Nessus findings including Ghostcat (CVE-2020-1938).
CVE-2020-1938CRITICALbajo ataque06 may 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC
C implementation for researching Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque06 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
PoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.
CVE-2026-41940CRITICALbajo ataqueransomware06 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC1
Test authentication bypass vulnerabilities in cPanel and WHM using this proof of concept exploit tool written in Go.
CVE-2026-41940CRITICALbajo ataqueransomware06 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC12
CVE-2026-41940 Auto Root Login
CVE-2026-41940CRITICALbajo ataqueransomware06 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
MartinaStarone/CVE-2026-2441
CVE-2026-2441HIGHbajo ataque06 may 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir
GitHub PoC
ycseo-git/CVE-2020-11800
CVE-2020-11800CRITICAL06 may 2026
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
48RIESGO
abrir
GitHub PoC1
Proof-of-concept exploit for CVE-2024-22120 that leverages time-based SQL injection and gopher-based SSRF to achieve remote code execution on vulnerable Zabbix servers for educational security research.
CVE-2024-22120CRITICAL06 may 2026
Time Based SQL Injection in Zabbix Server Audit Log
70RIESGO
abrir
GitHub PoC
Proof-of-concept for CVE-2024-4040 (CrushFTP SSTI -> unauthenticated LFI) in a controlled CS443 lab environment - for educational/authorised use only.
CVE-2024-4040CRITICALbajo ataque06 may 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RIESGO
abrir
GitHub PoC
This repository contains an academic and technical analysis of CVE-2023-34362, a critical SQL injection vulnerability affecting the MOVEit Transfer application, a widely used enterprise Managed File Transfer (MFT) platform. The project was developed as part of the CYB625 – Ethical Hacking & Penetration Testing course at Pace University.
CVE-2023-34362CRITICALbajo ataqueransomware06 may 2026
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir
GitHub PoC
roodhelios/CVE-2022-26134-OGNL-Injection
CVE-2022-26134CRITICALbajo ataqueransomware06 may 2026
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RIESGO
abrir
GitHub PoC1
This repository contains a Python replication script for CVE-2025-4632, an Unauthenticated Remote Code Execution (RCE) vulnerability in Samsung MagicINFO 9 Server (versions prior to 21.1052).
CVE-2025-4632CRITICALbajo ataque06 may 2026
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 2
98RIESGO
abrir
GitHub PoC1
Zimbra Path Traversal (CVE-2025-68645) - Unauthenticated file read vulnerability in Zimbra Collaboration Suite
CVE-2025-68645HIGHbajo ataque06 may 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir
GitHub PoC
CVE-2011-1249 (MS11-046) AFD privilege escalation — MinGW cross-compilation fix + custom command support
CVE-2011-124906 may 2026
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis
23RIESGO
abrir
GitHub PoC1
mawussid/CVE-2026-41651-Python
CVE-2026-41651HIGH06 may 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RIESGO
abrir
GitHub PoC
6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284
CVE-2026-31431HIGHbajo ataque05 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
ZildanZ/CVE-2026-41940
CVE-2026-41940CRITICALbajo ataqueransomware05 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC1
Утилита для Linux, которая проверяет доступность `AF_ALG`/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.
CVE-2026-31431HIGHbajo ataque05 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC22
LPE due to integer truncation in vskrnlintvsp.sys
CVE-2025-21333HIGHbajo ataque05 may 2026
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
71RIESGO
abrir
GitHub PoC
Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico
CVE-2021-44228CRITICALbajo ataqueransomware05 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Analysis of CVE-2026-24072
CVE-2026-24072HIGH05 may 2026
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
21RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.