Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.114 exploits
VulnCheck XDB
denial-of-service
CVE-2026-5281HIGHbajo ataque22 may 2026
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
71RIESGO
abrir
GitHub PoC4
0xFuffM3/CVE-2026-31635-DirtyDecrypt
CVE-2026-31635HIGH21 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
CVE-2026-31635HIGH21 may 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir
GitHub PoC5
CVE-2026-5118 | Divi Form Builder <= 5.1.2 | Unauthenticated Privilege Escalation via Role Injection
CVE-2026-5118CRITICAL21 may 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RIESGO
abrir
GitHub PoC
CVE-2026-5118-exp_wordpress_Divi Form Builder
CVE-2026-5118CRITICAL21 may 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RIESGO
abrir
GitHub PoC1
Intune Remediation package for the CVE-2026-45585 YellowKey BitLocker/WinRE bypass mitigation described in the provided procedure. This package removes `autofstx.exe` from the offline WinRE image's `BootExecute` value and refreshes WinRE registration so BitLocker trust is reestablished.
CVE-2026-45585MEDIUM21 may 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir
Exploit-DB
Cockpit 359 - RCE
CVE-2026-4631CRITICAL21 may 2026
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
68RIESGO
abrir
GitHub PoC1
PoC for CVE-2026-9082 (Drupal SA-CORE-2026-004) Drupal Core SQLi
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC20
Drupal Core PostgreSQL SQL Injection PoC - CVE-2026-9082. Ethical PoC for the Drupal vulnerability allowing anonymous SQL injection through the JSON:API module on PostgreSQL-backed sites.
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC1
CVE-2026-9082
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC
cve poc
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
GitHub PoC2
CVE-2026-9082 | SA-CORE-2026-004
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHbajo ataqueransomware21 may 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
CVE-2026-5118 – Python2 mass exploit for Divi WordPress plugin Unauthenticated administrator registration via admin-ajax.php. Multi‑threaded scanner with nonce extraction.
CVE-2026-5118CRITICAL21 may 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC11
CVE-2026-41091
CVE-2026-41091HIGHbajo ataque21 may 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALbajo ataque21 may 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps
CVE-2013-181421 may 2026
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain s
60RIESGO
abrir
GitHub PoC
CVE-2026-46680 exploit
CVE-2026-46680HIGH21 may 2026
containerd user ID handling bypass allows runAsNonRoot evasion
41RIESGO
abrir
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 may 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
yangh-beep/CVE-2026-31431-C
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC22
CVE-2026-45250 - FreeBSD 14.x LPE
CVE-2026-45250HIGH21 may 2026
Stack buffer overflow via setcred(2)
41RIESGO
abrir
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 may 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RIESGO
abrir
GitHub PoC1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
CVE-2026-4885CRITICAL21 may 2026
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RIESGO
abrir
GitHub PoC
Vulnerability Case Study: CVE-2026-33829 (Windows Snipping Tool NTLM Coercion)
CVE-2026-33829MEDIUM21 may 2026
Windows Snipping Tool Spoofing Vulnerability
33RIESGO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHbajo ataque21 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
anteriorpágina 49 / 2371siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.