Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.114 exploits
GitHub PoC★ 1
CVE-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir ↗GitHub PoC★ 2
Langflow Arbitrary Directory Deletion
Langflow: Path Traversal in Langflow Knowledge Bases API
48RIESGO
abrir ↗GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RIESGO
abrir ↗Exploit-DB
FUXA 1.2.9 - RCE
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RIESGO
abrir ↗VulnCheck XDB
info-leak
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir ↗GitHub PoC★ 3
CVE-2026-42945 - NGINX Rift Toolkit
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir ↗VulnCheck XDB
remote-with-credentials
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RIESGO
abrir ↗GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
POC_CVE-2026-35037
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
41RIESGO
abrir ↗GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
Windows BitLocker Security Feature Bypass Vulnerability
33RIESGO
abrir ↗GitHub PoC★ 20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
a24ac1/CVE-2026-0740
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RIESGO
abrir ↗GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RIESGO
abrir ↗GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
MGTx2/CVE-2026-39107
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails
33RIESGO
abrir ↗GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
rxrpc: fix oversized RESPONSE authenticator length check
41RIESGO
abrir ↗GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
AutoGPT has Authenticated Session Hijacking via IDOR
41RIESGO
abrir ↗GitHub PoC★ 2
A Go implementation of fragnesia (CVE-2026-46300)
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir ↗GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir ↗VulnCheck XDB
local
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗VulnCheck XDB
local
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.