Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.086 exploits
GitHub PoC★ 2
Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RIESGO
abrir ↗GitHub PoC
Automated exploit for Krayin CRM ≤ 2.2.x.
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RIESGO
abrir ↗GitHub PoC★ 6
CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC★ 2
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
eventpoll: fix ep_remove struct eventpoll / struct file UAF
41RIESGO
abrir ↗GitHub PoC
CVE-2026-43499 - Draft
rtmutex: Use waiter::task instead of current in remove_waiter()
41RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)
Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
48RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)
Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
41RIESGO
abrir ↗GitHub PoC★ 1
Blocking the DirtyFrag Linux LPE chain (CVE-2026-43284 / CVE-2026-43500) at runtime with a Cilium Tetragon TracingPolicy
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RIESGO
abrir ↗GitHub PoC
Bypass Authentication
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RIESGO
abrir ↗GitHub PoC
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
41RIESGO
abrir ↗GitHub PoC
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
41RIESGO
abrir ↗GitHub PoC
Frontend File Manager Plugin (WordPress) <= 23.6 - Unauthenticated Arbitrary File Deletion to RCE
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
41RIESGO
abrir ↗GitHub PoC
CVE-2026-11405 - Draft
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
33RIESGO
abrir ↗GitHub PoC
CVE-2026-14191 - Draft
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
41RIESGO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Insufficient input validation leading to memory overread
41RIESGO
abrir ↗GitHub PoC
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
Budibase: Anonymous NoSQL operator injection via published-app query templates
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-39492 — WP Maps (wp-google-map-plugin) <= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
48RIESGO
abrir ↗GitHub PoC★ 6
CVE-2026-42980 PUBLIC EXPLOIT + RESEARCH
NT OS Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir ↗GitHub PoC
🐳 docker-compose 를 활용한 취약한 환경 구성 및 검증 (vulhub 한글판)
Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
21RIESGO
abrir ↗GitHub PoC★ 1
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Microsoft SharePoint Remote Code Execution Vulnerability
71RIESGO
abrir ↗GitHub PoC★ 2
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.