Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.171exploits catalogados
31.690CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8069Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
Saku0512/CVE-2026-35585-poc
File Browser has a Command Injection via Hook Runner
41RIESGO
abrir ↗GitHub PoC
This is a special panel that is used to send POC requests with the output of responses.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
[First-Blood-XO] React Server Component endpoint vulnerable to CVE-2025-55182 (RCE) → enumerated SUID binaries → /usr/bin/perl had SUID set → used Perl's POSIX setuid(0) to escalate to root → read /root/flag.txt
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
DonVorrin/CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir ↗GitHub PoC★ 16
Combined PoC for CVE-2025-28434 and CVE-2025-59528
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 1
CVE-2025-59528 Proof of Concept
Flowise has Remote Code Execution vulnerability
85RIESGO
abrir ↗GitHub PoC
Fork of gogs/gogs for reachability benchmark testing (CVE-2024-45337)
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
48RIESGO
abrir ↗GitHub PoC★ 1
This repository contains a Proof of Concept (PoC) exploit for CVE-2023-6972.
Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion
48RIESGO
abrir ↗GitHub PoC
Security research and CVE write-ups by Steven Amador (HackinKraken) - CVE-2022-2650, CVE-2026-39338
ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration
41RIESGO
abrir ↗GitHub PoC
Firefox extension for detecting and exploiting CVE-2025-55182 — Prototype Pollution RCE in Next.js React Server Actions
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2025-58434 & CVE-2025-59528
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 1
Critical unauthenticated kill chain leading to full RCE in FlowiseAI (CVE-2025-58434 + CVE-2025-59528)
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC
CVE-2025-58434 PoC
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 2
Exploitation Silentium HTB-CTF
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 1
kartik2005221/CVE-2025-58434-poc
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 3
CVE-2025-58434 and CVE-2025-59528 chain POC
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RIESGO
abrir ↗GitHub PoC★ 1
RCE exploit for Gogs <= 0.13.3
File overwrite in file update API in Gogs
100RIESGO
abrir ↗GitHub PoC
Found 200+ vulnerabilities on scanme.nmap.org including CVE-2023-38408 (9.8 critical)
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot
70RIESGO
abrir ↗GitHub PoC
0xMOGA/CVE-2023-4911-Lab
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir ↗GitHub PoC
Roundcube Webmail post-auth RCE via PHP object deserialization (CVE-2025-49113)
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RIESGO
abrir ↗GitHub PoC★ 4
GOGS RCE cve-2025-8110 python script that automates the whole attack chain of creating a repository with a symlink file pointing to .git/config and then triggering rce via a poisoned sshCommand on the config file.
File overwrite in file update API in Gogs
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2025-8110 — Gogs <= 0.13.3 Arbitrary File Write via Symlink Traversal in PutContents API
File overwrite in file update API in Gogs
100RIESGO
abrir ↗GitHub PoC★ 2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir ↗GitHub PoC★ 2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir ↗GitHub PoC
CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing
OpenSTAManager has an OS Command Injection in P7M File Processing
48RIESGO
abrir ↗GitHub PoC
Real-world incident response for CVE-2025-55182 (React2Shell) — script injection, server remediation, and post-incident report
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
Proof-of-concept exploit for CVE-2019-15107 (Webmin <= 1.920) enabling unauthenticated RCE via command injection.
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.