Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
CVE-2020-1938CRITICALbajo ataque07 abr 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RIESGO
abrir
GitHub PoC1
Ninja Forms File Uploads <= 3.3.26 - Unauthenticated Arbitrary File Upload to RCE (CVE-2026-0740)
CVE-2026-0740CRITICAL07 abr 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
CVE-2025-48384HIGHbajo ataque07 abr 2026
Git allows arbitrary code execution through broken config quoting
71RIESGO
abrir
GitHub PoC
e1st/CVE-2025-56015
CVE-2025-56015HIGH07 abr 2026
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RIESGO
abrir
GitHub PoC
thorat-shubham/JXL_Infotainment_CVE-2025-69515
CVE-2025-69515CRITICAL07 abr 2026
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system int
48RIESGO
abrir
GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
CVE-2025-9074CRITICAL07 abr 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir
GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
CVE-2025-8088HIGHbajo ataque07 abr 2026
Path traversal vulnerability in WinRAR
93RIESGO
abrir
GitHub PoC
CVE-2025-13315
CVE-2025-13315CRITICAL07 abr 2026
Unauthenticated log access in Twonky Server
75RIESGO
abrir
GitHub PoC
Python Exploit for CVE: 2018-9276
CVE-2018-9276HIGHbajo ataque07 abr 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RIESGO
abrir
GitHub PoC
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32662MEDIUM07 abr 2026
Gardyn Cloud API Active Debug Code
33RIESGO
abrir
GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767MEDIUM07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
33RIESGO
abrir
GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
CVE-2011-252307 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646HIGH07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
41RIESGO
abrir
GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766CRITICAL07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
48RIESGO
abrir
GitHub PoC4
PoC for CVE-2026-13585
CVE-2026-13585HIGH07 abr 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RIESGO
abrir
GitHub PoC1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
CVE-2025-14847HIGHbajo ataque06 abr 2026
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir
GitHub PoC
avitoriagomes/CVE-2024-29988
CVE-2024-29988HIGHbajo ataque06 abr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RIESGO
abrir
GitHub PoC
zsxen/cve-2025-1974-lab
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RIESGO
abrir
GitHub PoC
open-flaw/CVE-2025-49844
CVE-2025-49844CRITICAL06 abr 2026
Redis Lua Use-After-Free may lead to remote code execution
85RIESGO
abrir
GitHub PoC
amikanev/CVE-2025-23061-LAB
CVE-2025-23061CRITICAL06 abr 2026
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RIESGO
abrir
GitHub PoC1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
CVE-2023-32749HIGH06 abr 2026
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RIESGO
abrir
GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
CVE-2025-30065CRITICAL06 abr 2026
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RIESGO
abrir
GitHub PoC
zsxen/CVE-2025-1974
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RIESGO
abrir
GitHub PoC1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
CVE-2023-25690CRITICAL05 abr 2026
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RIESGO
abrir
GitHub PoC
rachidafaf/bola-CVE-2023-27524
CVE-2023-27524HIGHbajo ataque05 abr 2026
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RIESGO
abrir
GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
CVE-2024-21413CRITICALbajo ataque05 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
CVE-2017-5638CRITICALbajo ataqueransomware05 abr 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir
GitHub PoC
python code for CVE-2018-15473, using paramiko
CVE-2018-15473MEDIUM05 abr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RIESGO
abrir
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
CVE-2025-55182CRITICALbajo ataqueransomware04 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.