Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.114exploits catalogados
31.649CVEs con explotación pública
0probados en laboratorio
13.116 exploits
GitHub PoC
CMS Simple CVE Recode Script Python 3
CVE-2019-905325 abr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir
GitHub PoC
Cybersecurity-Enthusiasts-CE/CVE-2025-55182-Researching-process
CVE-2025-55182CRITICALbajo ataqueransomware25 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
LoGGGG2402/CVE-2025-27407
CVE-2025-27407CRITICAL25 abr 2026
Remote code execution when loading a crafted GraphQL schema
48RIESGO
abrir
GitHub PoC
bhatbhupendra/Moniker-Link--CVE-2024-21413-
CVE-2024-21413CRITICALbajo ataque25 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC1
im2sinister/CVE-2021-41773
CVE-2021-41773HIGHbajo ataqueransomware25 abr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
DONKEY0xSHOT/CVE-2017-11882-Blocker
CVE-2017-11882HIGHbajo ataqueransomware25 abr 2026
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RIESGO
abrir
GitHub PoC
Some Proof-of-Concept (POCs) for CVE-2025-29927, CVE-2026-27978, and CVE-2026-29057 in Next.js.
CVE-2025-29927CRITICAL25 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
patch-manager
CVE-2019-1428725 abr 2026
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RIESGO
abrir
GitHub PoC
Web application penetration testing project targeting a WordPress environment. Includes exploitation of CVE-2019-9978, reverse shell execution, post-exploitation steps, and full pentesting report.
CVE-2019-9978MEDIUMbajo ataque25 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RIESGO
abrir
GitHub PoC
CVE-2024-3273 — Authorized Penetration Test Report D-Link DNS-320L NAS | Client: Otonata
CVE-2024-3273HIGHbajo ataque25 abr 2026
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
100RIESGO
abrir
GitHub PoC2
CVE-2025-55177 + CVE-2025-43300: reverse-engineering the WhatsApp-ImageIO zero-click iOS chain, with interactive labs.
CVE-2025-55177MEDIUMbajo ataque24 abr 2026
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Bu
63RIESGO
abrir
GitHub PoC
AbokorMAHAMMADMOUSSE/CVE-2025-25279-Mattermost-Path-Traversal
CVE-2025-25279CRITICAL24 abr 2026
Arbitrary file read in Mattermost Boards via import & export board archive
53RIESGO
abrir
GitHub PoC
Runtime patches for algertc/alpr-dashboard: async logger fix and CVE-2025-29927 nginx mitigation
CVE-2025-29927CRITICAL24 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC1
its simple Shellshock exploit
CVE-2014-6271CRITICALbajo ataque24 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
End-to-end SOC investigation: CVE-2011-2523 kill chain, multi-source log correlation, incident report — MITRE ATT&CK T1190
CVE-2011-252324 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
HTB Season 10 - Pterodactyl machine writeup. Medium Linux box covering CVE-2025-49132 (Pterodactyl Panel RCE) and CVE-2025-6018/6019 (udisks2 privilege escalation).
CVE-2025-49132CRITICAL24 abr 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir
GitHub PoC
End-to-end cybersecurity project demonstrating detection and mitigation of CVE-2024-38063 using IDS, host-based monitoring, and virtual lab attack simulation.
CVE-2024-38063CRITICAL24 abr 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC
Unauthenticated_RCE.CVE-2025-47812
CVE-2025-47812CRITICALbajo ataque24 abr 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
GitHub PoC
Poc for React2Shell CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware24 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC2
CVE-2025-68645
CVE-2025-68645HIGHbajo ataque24 abr 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir
GitHub PoC
POC exploit for CVE-2026-25895 FUXA Unauthenticated Path Traversal -> Arbitrary File Write -> RCE
CVE-2026-25895CRITICAL24 abr 2026
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RIESGO
abrir
GitHub PoC
Bug Bounty: CVE-2023-50839 IDOR identified in a third-party support component via 'gau' and 'Nuclei'. Despite perimeter redirects, the outdated software remained exposed. Confirmed through manual header analysis. Severity: 5.3 (Medium). Focused on Defense in Depth failures and PII protection. Status: Reported on Intigriti.
CVE-2023-50839CRITICAL24 abr 2026
WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection
63RIESGO
abrir
GitHub PoC
Cybersecurity lab demonstrating exploitation of CVE-2017-0144 (EternalBlue) using Metasploit against a vulnerable Windows 7 VM, achieving SYSTEM-level access via Meterpreter. Includes full attack chain, post exploitation, and mitigation via MS17-010 patching, tested in an isolated ethical lab environment.
CVE-2017-0144HIGHbajo ataqueransomware23 abr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC
CVE-2024-3094
CVE-2024-3094CRITICAL23 abr 2026
Xz: malicious code in distributed source
70RIESGO
abrir
GitHub PoC1
Recreation and analysis of a curious logic error in Apache 2.4.49 that escalated to remote code execution
CVE-2021-41773HIGHbajo ataqueransomware23 abr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
HackTheBox TwoMillion machine writeup — API abuse, command injection & CVE-2023-0386
CVE-2023-0386HIGHbajo ataque23 abr 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RIESGO
abrir
GitHub PoC
Find jenkins environment and checks for CVE-2024-23897
CVE-2024-23897CRITICALbajo ataqueransomware23 abr 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
GitHub PoC
Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.
CVE-2025-51846HIGH22 abr 2026
CryptPad unbounded WebSocket frame flood
41RIESGO
abrir
GitHub PoC
End-to-end simulation of detecting a root-less Android Drop Device (Casper) using Wazuh SIEM to capture Layer 7 attacks like Shellshock (CVE-2014-6271).
CVE-2014-6271CRITICALbajo ataque22 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
Security toolkit for CVE-2025-55182 (React2Shell) — scan, detect, correlate, and test React Server Components RCE vulnerability
CVE-2025-55182CRITICALbajo ataqueransomware22 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.