Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8069Nuclei 4188Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.116 exploits
GitHub PoC★ 10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
Temporarily removes the root password using CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
ryan2929/CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 31
BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Unauthenticated time-based blind SQL injection PoC for VICIdial CVE-2024-8503, with metadata extraction, resumable scans, and strict safety limits.
VICIdial Unauthenticated SQL Injection
85RIESGO
abrir ↗GitHub PoC★ 1
Automated detection & exploitation of critical PHP vulnerabilities (CVE-2024-4577 bypass, CVE-2025-14177, CVE-2025-14180, CVE-2025-14178)
Argument Injection in PHP-CGI
100RIESGO
abrir ↗GitHub PoC
dinhthihanhle1989-max/CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
83RIESGO
abrir ↗GitHub PoC
Escaneo de vulnerabilidades, análisis de tráfico con Wireshark y explotación controlada del CVE-2011-2523 (vsftpd 2.3.4) en entorno de red segura.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC★ 433
Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Wise-Security/CVE-2026-38945
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary cod
41RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56537
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute
33RIESGO
abrir ↗GitHub PoC★ 1
POC for CVE-2026-39816 which allows NiFi users without execute code permissions to run arbitrary scripts
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
21RIESGO
abrir ↗GitHub PoC★ 7
Time-based SQL injection PoC for CVE-2024-51482 in ZoneMinder, with reproducible Docker lab and automated data extraction.
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗GitHub PoC
B1gN0Se/PwnKit_CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56534
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers t
33RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56536
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scri
33RIESGO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56535
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or
33RIESGO
abrir ↗GitHub PoC
Esta falla permite a un atacante remoto y sin ningún tipo de autenticación acceder directamente a los tickets de soporte, casos internos y a todos sus archivos adjuntos confidenciales. Al iterar y descargar de forma automatizada los registros de Aranda, dejando la información sensible expuesta a una exfiltración masiva.
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs w
41RIESGO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC★ 1
melikesraoz/cve-2022-39227-jwt-auth-bypass-demo
Python-jwt subject to Authentication Bypass by Spoofing
48RIESGO
abrir ↗GitHub PoC
kaleth4/CVE-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
Analysis and PoC for CVE-2018-14847, MikroTik RouterOS Winbox information disclosure vulnerability allowing unauthenticated read access to the credential database.
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RIESGO
abrir ↗GitHub PoC
Multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) discovered in diskover-community including CSRF and XSS vulnerabilities with proof-of-concept and impact analysis.
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker
41RIESGO
abrir ↗GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir ↗GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.