Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC
6abc/Copy-Fail-CVE-2026-31431-dirty-frag-CVE-2026-43284
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
Утилита для Linux, которая проверяет доступность `AF_ALG`/`algif_aead` и помогает оценить риск по `CVE-2026-31431`.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
Detection signatures for CVE-2026-41940 and shemas for cPanel logs
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
Exploit and detect CVE-2026-31431 vulnerabilities using a static binary that monitors system integrity and bypasses PAM authentication.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Pentesting caja negra: Shellshock (CVE-2014-6271) + Log4Shell (CVE-2021-44228). Escalada a root. Informe ejecutivo y técnico
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC
Simple exploit
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po
100RIESGO
abrir ↗GitHub PoC
kaleth4/CVE-2025-47987
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
41RIESGO
abrir ↗GitHub PoC
kaleth4/CVE-2025-60751
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
41RIESGO
abrir ↗GitHub PoC★ 10
Safe detection tooling for CVE-2026-31431 "Copy Fail" and CVE-2026-43284 "Dirty Frag" — a local privilege escalation in the Linux kernel's algif_aead module affecting all major distributions since 2017.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
LetsDefend SOC336 case study on CVE-2025-21298
Windows OLE Remote Code Execution Vulnerability
70RIESGO
abrir ↗GitHub PoC
Controlled virtual attack & defense lab — CVE-2011-2523 exploitation, Nmap recon, Nikto scanning, UFW hardening on Metasploitable 2
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC
Mrhudson69/cve-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
kaleth4/CVE-2025-69985
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RIESGO
abrir ↗GitHub PoC★ 4
Read-only Bash checker for the Copy Fail Linux kernel vulnerability (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Privilege Escalation Vulnerability in PackageKit (TOCTOU Race Condition)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RIESGO
abrir ↗GitHub PoC
CVE-2026-31431 merupakan celah keamanan yang terjadi akibat kegagalan dalam proses penyalinan data (copy operation failure). Kerentanan ini muncul ketika sistem tidak melakukan validasi atau penanganan error dengan benar saat melakukan proses copy data dari satu buffer ke buffer lain
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
Fast, auditable Linux mitigation for CVE-2026-31431 Copy Fail: algif_aead block, verification, and AF_ALG seccomp hardening.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
IDS/IPS lab for detecting and preventing Apache ActiveMQ RCE (CVE-2023-46604) using GVM, Nmap, Snort, iptables, and UFW.
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir ↗GitHub PoC
Linux Kernel LPE PoC (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-41940 Direct Shell Acess
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
Hunt-Benito/cve-2026-41200-stig-manager-oidc-reflected-xss
STIG Manager has reflected XSS vulnerability in the Web App
41RIESGO
abrir ↗GitHub PoC
this is a repo who is facing a escalation issue in their linux system and a news regarding problem of "Dirty pipeline"
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir ↗GitHub PoC
Tracking CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2016-6210/Openssh 7.2p2 side channel info disclosure POC
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
70RIESGO
abrir ↗GitHub PoC
CRAReady SBOM test fixture — Java/Maven app with Log4Shell (CVE-2021-44228), Spring4Shell, Text4Shell, and other critical CVEs
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
Proof of concept exploit for CVE-2024-53677 - Apache Struts file upload path traversal vulnerability leading to Remote Code Execution
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-31431 - Copy Fail | Linux LPE via authencesn page cache write. Unprivileged user to root on most distros since 2017. PoC in C and Python.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 10
cPanel/WHM Authentication Bypass (Zero-Day Vulnerability)
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.