Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2012-3152CRITICALbajo ataque15 may 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RIESGO
abrir
GitHub PoC
CVE-2026-44338
CVE-2026-44338HIGH15 may 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-32432CRITICALbajo ataque15 may 2026
Craft CMS Allows Remote Code Execution
100RIESGO
abrir
GitHub PoC
Tester for CVE-2026-43284
CVE-2026-43284HIGH15 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
CVE-2026-42154HIGH15 may 2026
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-22204MEDIUMbajo ataque14 may 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2011-319214 may 2026
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attac
60RIESGO
abrir
GitHub PoC1
CVE-2026-44403-WingFTP-v8.1.2-POC-Exploit
CVE-2026-44403HIGH14 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
Exploit-DB
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
CVE-2026-2624CRITICAL14 may 2026
Authentication Bypass in ePati's Antikor NGFW
48RIESGO
abrir
GitHub PoC
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
CVE-2025-30066HIGHbajo ataque14 may 2026
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 thr
83RIESGO
abrir
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMbajo ataque14 may 2026
[20230201] - Core - Improper access check in webservice endpoints
100RIESGO
abrir
Exploit-DB
PJPROJECT 2.16 - Heap Bufferoverflow
CVE-2026-25994HIGH14 may 2026
PJSIP has a heap buffer overflow in ICE with long username
41RIESGO
abrir
GitHub PoC
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
CVE-2026-6145MEDIUM14 may 2026
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
33RIESGO
abrir
GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
CVE-2026-31431HIGHbajo ataque14 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC33
Nginx Rewrite CVE Scan(CVE-2026-42945 nginx-rift CVE-2026-9256)
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC1
CVE-2026-46300
CVE-2026-46300HIGH14 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
GitHub PoC1
Sentebale/CVE-2026-46300
CVE-2026-46300HIGH14 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
Metasploit300
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
CVE-2026-46333HIGH14 may 2026
ptrace: slightly saner 'get_dumpable()' logic
56RIESGO
abrir
GitHub PoC1
Scan your NGINX configuration to determine whether it is affected by CVE-2026-42945.
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC5
CVE-2026-8181 - Burst Statistics 3.4.0-3.4.1.1 Unauthenticated Authentication Bypass to Admin Account Takeover | Proof of Concept
CVE-2026-8181CRITICAL14 may 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RIESGO
abrir
GitHub PoC15
p3Nt3st3r-sTAr/CVE-2026-42945-POC
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
CVE-2026-31431HIGHbajo ataque14 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
ydking0911/CVE-2026-4060-PoC
CVE-2026-4060HIGH14 may 2026
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RIESGO
abrir
Exploit-DB
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
CVE-2026-4257CRITICAL14 may 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir
GitHub PoC2
CVE-2026-42945
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC46
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
These detection scripts are property of the SECPlayground Platform. Two safe detection scripts. Neither drives the close_notify-mid-BDAT trigger, so they will not crash the daemon or leave panic-log entries. Both verdicts are "likely vulnerable" — distinguishing GnuTLS from OpenSSL builds remotely is not reliable without exploitation.
CVE-2026-45185CRITICAL14 may 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RIESGO
abrir
GitHub PoC1
Proof of concept exploit for CVE-2026-46391
CVE-2026-46391HIGH14 may 2026
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RIESGO
abrir
GitHub PoC2
nanwinata/nginxrift-CVE-2026-42945
CVE-2026-42945CRITICAL14 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
anteriorpágina 58 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.