Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.171 exploits
GitHub PoC
Xmyronn/CVE-2026-11344-RCE
CVE-2026-11344MEDIUM19 may 2026
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RIESGO
abrir
GitHub PoC1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC1
Dirty Frag - kernel Linux critical Vulnerability
CVE-2026-43284HIGH19 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
PwnKit (CVE-2021-4034) Safe Checker This tool performs read-only checks and does not attempt exploitation.
CVE-2021-4034HIGHbajo ataque19 may 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
SMB Red Team Lab— NTLM Relay via LLMNR Poisoning, CVE-2007-2447, NTLMv2 Hash Cracking & NT AUTHORITY\SYSTEM on Windows 10
CVE-2007-244719 may 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC
suil12/CVE-2025-24813_presentation
CVE-2025-24813CRITICALbajo ataque19 may 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RIESGO
abrir
GitHub PoC
Writeup da sala Blue do TryHackMe — exploração do EternalBlue (MS17-010/CVE-2017-0143).
CVE-2017-0143HIGHbajo ataqueransomware19 may 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC1
This repository provides proof of concept (PoC) for the CVE-2021-4034
CVE-2021-4034HIGHbajo ataque18 may 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
CVE-2025-34291CRITICALbajo ataque18 may 2026
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2024-27198CRITICALbajo ataqueransomware18 may 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir
GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
CVE-2026-46300HIGH18 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHbajo ataque18 may 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
LAT-06/CVE-2026-34197
CVE-2026-34197HIGHbajo ataque18 may 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
GitHub PoC1
这是一个面向防守和内网排查的 Apache ActiveMQ Classic 暴露面检测工具,用于辅助评估 CVE-2026-34197 相关风险。
CVE-2026-34197HIGHbajo ataque18 may 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RIESGO
abrir
VulnCheck XDB
local
CVE-2020-17103HIGH18 may 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALbajo ataqueransomware18 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.
CVE-2017-5638CRITICALbajo ataqueransomware18 may 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
GitHub PoC6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
This repository contains information about the CVE-2026-36438
CVE-2026-36438MEDIUM18 may 2026
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information
33RIESGO
abrir
GitHub PoC
Local Privilege Escalation. Flips the running user's UID to 0 in /etc/passwd's page cache, then invokes su for a root shell.
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
CVE-2026-31431HIGHbajo ataque18 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Research environment and validation scripts for evaluating deserialization behaviors in MLflow and MLServer.
CVE-2026-0596CRITICAL18 may 2026
Command Injection in mlflow/mlflow
48RIESGO
abrir
GitHub PoC
CaginKyr/CVE-2026-5203
CVE-2026-5203MEDIUM18 may 2026
CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
33RIESGO
abrir
GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
CVE-2026-34472HIGH18 may 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RIESGO
abrir
GitHub PoC
a.k.a. React2Shell
CVE-2025-55182CRITICALbajo ataqueransomware18 may 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC3
暂无
CVE-2026-39636MEDIUM18 may 2026
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RIESGO
abrir
GitHub PoC1
IOC checker for the TanStack/Mini Shai-Hulud npm supply chain attack (CVE-2026-45321)
CVE-2026-45321CRITICALbajo ataqueransomware18 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
Ne0zer01/CVE-2024-27198_LAB
CVE-2024-27198CRITICALbajo ataqueransomware18 may 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RIESGO
abrir
GitHub PoC4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
CVE-2026-33824CRITICAL18 may 2026
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RIESGO
abrir
GitHub PoC
Laboratorio automatizado Plug & Play en Docker para auditar y estudiar la vulnerabilidad Log4Shell (CVE-2021-44228)
CVE-2021-44228CRITICALbajo ataqueransomware18 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
anteriorpágina 53 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.