Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
powerfull rust cve-2025-55182-scanner used for ctf & ethical purpose only
CVE-2025-55182CRITICALbajo ataqueransomware10 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC2
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file.
CVE-2023-6553CRITICAL10 abr 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RIESGO
abrir
GitHub PoC
Browser-based MCP CTF — OAuth token confusion and session isolation failure (CVE-2025-49596 pattern). DevTools only.
CVE-2025-49596CRITICAL10 abr 2026
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
75RIESGO
abrir
GitHub PoC
PoC of CVE-2021-44228
CVE-2021-44228CRITICALbajo ataqueransomware10 abr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Estudio técnico de la vulnerabilidad CVE-2025-5548
CVE-2025-5548MEDIUM10 abr 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC6
High-interaction honeypot mimicking a vulnerable Laravel/Livewire app. Captures RCE exploits and webshells targeting CVE-2024-47823, CVE-2025-54068, and CVE-2025-14894, then analyzes them in sandboxed Docker containers to extract IOCs.
CVE-2025-54068CRITICALbajo ataque10 abr 2026
Livewire vulnerable to remote command execution during property update hydration
100RIESGO
abrir
GitHub PoC1
Hunt-Benito/samsung-exynos-sms-stack-overflow-cve-2025-54328-critical-zero-click-baseband-rce
CVE-2025-54328CRITICAL10 abr 2026
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21
48RIESGO
abrir
GitHub PoC
CVE-2025-55182 Auto Scanner - Improved Version For authorized CTF/testing purposes only
CVE-2025-55182CRITICALbajo ataqueransomware10 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
CVE-2025-55182 (React2Shell) PoC: Unauthenticated RCE affecting React 19.x and Next.js < 15.1.4. Exploits vulnerabilities in the RSC Flight protocol.
CVE-2025-55182CRITICALbajo ataqueransomware10 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
CVE-2021-22911 Rocket.Chat NoSQL Injection RCE Exploit - Educational Purpose
CVE-2021-2291110 abr 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir
GitHub PoC
Improper Access Control in Mysterium Node before v1.36.0
CVE-2026-31309CRITICAL10 abr 2026
Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows a
48RIESGO
abrir
GitHub PoC
Educational Proof-of-Concept for the CVE-2022-30190 (Follina) vulnerability.
CVE-2022-30190HIGHbajo ataqueransomware10 abr 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
Demo to remediate CVE-2023-20198 using forward networks and tines
CVE-2023-20198CRITICALbajo ataque10 abr 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
GitHub PoC2
CVE-2025-63353
CVE-2025-63353CRITICAL09 abr 2026
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RIESGO
abrir
GitHub PoC
Unauthenticated RCE vulnerability in Fuel CMS 1.4.1.
CVE-2018-1676309 abr 2026
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RIESGO
abrir
GitHub PoC
Majdae/CVE-2025-47812-Research
CVE-2025-47812CRITICALbajo ataque09 abr 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
GitHub PoC
CVE-2025-32433
CVE-2025-32433CRITICALbajo ataque09 abr 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
GitHub PoC
CVE-2024-3094 - XZ Utils Backdoor
CVE-2024-3094CRITICAL09 abr 2026
Xz: malicious code in distributed source
70RIESGO
abrir
GitHub PoC
kaleth4/CVE-2014-6271
CVE-2014-6271CRITICALbajo ataque09 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
Performed a live cybersecurity assessment on a university Linux server. During analysis, active attack activity was identified, including brute-force authentication attempts and exploitation attempts targeting Log4Shell (CVE-2021-44228).
CVE-2021-44228CRITICALbajo ataqueransomware09 abr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Exploiting WordPress vulnerabilities (CVE-2025-34077), authentication bypass via cookie injection, and privilege escalation to root. Part of my Cybersecurity Specialization.
CVE-2025-34077CRITICAL09 abr 2026
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RIESGO
abrir
GitHub PoC
kaleth4/-CVE-2014-6271
CVE-2014-6271CRITICALbajo ataque09 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
Xibo CMS CVE-2023-33177 Vulnerability Tester
CVE-2023-33177HIGH09 abr 2026
Xibo CMS vulnerable to Remote Code Execution through Zip Slip
41RIESGO
abrir
GitHub PoC
HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included.
CVE-2025-49132CRITICAL08 abr 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir
GitHub PoC
doaso/CVE-2023-42115
CVE-2023-42115CRITICAL08 abr 2026
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
53RIESGO
abrir
GitHub PoC
Security review уязвимости CVE-2024-3094 с открытым исходным кодом
CVE-2024-3094CRITICAL08 abr 2026
Xz: malicious code in distributed source
70RIESGO
abrir
GitHub PoC
cyb3rk0ala/THM-MagnusBilling-CVE-2023-30258-Exploit
CVE-2023-30258CRITICAL08 abr 2026
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RIESGO
abrir
GitHub PoC
CVE-2020-1938-Tomcat-AJP(Ghostcat)-Analysis
CVE-2020-1938CRITICALbajo ataque08 abr 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646HIGH07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
41RIESGO
abrir
GitHub PoC
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32662MEDIUM07 abr 2026
Gardyn Cloud API Active Debug Code
33RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.