Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.180 exploits
GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RIESGO
abrir ↗GitHub PoC
Read-only WordPress User Registration CVE-2026-1492 checker for hidden admins, plugin version, uploads PHP, cron, and compromise IOCs.
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RIESGO
abrir ↗GitHub PoC
Estudio del bug CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Apache Axis1.4 远程命令执行漏洞利用工具 - CVE-2019-0227,支持随机化服务名和Webshell文件名
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RIESGO
abrir ↗GitHub PoC
Safe Python scanner for CVE-2025-20362 (Cisco ASA/FTD WebVPN Authentication Bypass)
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar
100RIESGO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-26360 (https://nvd.nist.gov/vuln/detail/CVE-2023-26360) and was built on top of the Metasploit module and the jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit.
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RIESGO
abrir ↗GitHub PoC★ 2
PoC for CVE-2026-6433: WordPress FlipperCode Custom CSS, JS & PHP (≤2.0.7) — unauthenticated SQLi to RCE. Python 3 stdlib; single target or bulk multi-threaded scanning. Authorized testing & research only.
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RIESGO
abrir ↗GitHub PoC
Intentionally vulnerable Log4j 2.14.1 demo for Sysdig CNAPP scanning (CVE-2021-44228)
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir ↗GitHub PoC
Safe Python scanner for CVE-2020-3452 (Cisco ASA/FTD WebVPN Directory Traversal)
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability
100RIESGO
abrir ↗GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir ↗GitHub PoC★ 4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir ↗GitHub PoC
CVE-2026-8181: Burst Statistics Auth Bypass → REST API takeover & admin creation. Python 2.7. Educational use only.
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC
Exploit for the CVE-2026-8181 - Burst Statistics WordPress Plugin Authentication Bypass
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC★ 13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RIESGO
abrir ↗GitHub PoC
CVE-2026-39987
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RIESGO
abrir ↗GitHub PoC
CVE-2026-45091
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
48RIESGO
abrir ↗GitHub PoC
Maxime288/CVE-2026-31431-Copy-Fail-R-pertoire-de-Pr-vention
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir ↗GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir ↗VulnCheck XDB
initial-access
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.