Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
Pre-authentication LFI Lead to RCE
CVE-2026-39938CRITICAL04 abr 2026
Cacti: Unauthenticated RCE on Graph Image
48RIESGO
abrir
GitHub PoC
vettrivel007/CVE-2024-49138
CVE-2024-49138HIGHbajo ataque04 abr 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir
GitHub PoC
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
CVE-2025-55182CRITICALbajo ataqueransomware04 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
TP-Link Router Authenticated RCE Exploit (CVE-2022-30075) Bu araç, TP-Link Archer AX50 ve bazı diğer TP-Link router modellerinde bulunan **CVE-2022-30075** güvenlik açığını kullanarak kimliği doğrulanmış uzaktan komut çalıştırma (Authenticated Remote Code Execution) işlemi gerçekleştirir.
CVE-2022-3007503 abr 2026
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RIESGO
abrir
GitHub PoC
tryj/CVE-2012-1823---PHP-CGI---RCE
CVE-2012-1823CRITICALbajo ataque03 abr 2026
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RIESGO
abrir
GitHub PoC1
Exploit CVE-2022-46363
CVE-2022-46364CRITICAL03 abr 2026
Apache CXF SSRF Vulnerability
48RIESGO
abrir
GitHub PoC2
Perforce security research and tools - CVE-2026-6043
CVE-2026-6043HIGH03 abr 2026
Insecure Default Configuration in P4 Server
41RIESGO
abrir
GitHub PoC1
Bash script to detect CVE-2025-55182 (React2Shell) and credential exposure in Next.js projects. Zero dependencies.
CVE-2025-55182CRITICALbajo ataqueransomware03 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
CVE-2025-59059: Misattributed RCE in Apache Ranger Static Analysis Correction
CVE-2025-59059CRITICAL03 abr 2026
Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator
48RIESGO
abrir
GitHub PoC
nicostan15/CVE-2022-46169
CVE-2022-46169CRITICALbajo ataque02 abr 2026
Unauthenticated Command Injection
100RIESGO
abrir
GitHub PoC
Full penetration test report against `IP` (Ubuntu VM). Attack chain: directory enumeration → backup file discovery → password cracking → CMS file upload → reverse shell → kernel privilege escalation (Dirty Pipe, CVE-2022-0847).
CVE-2022-0847HIGHbajo ataque02 abr 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir
GitHub PoC
🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵
CVE-2018-15473MEDIUM02 abr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RIESGO
abrir
GitHub PoC
CVE-2025-29927 - Next.js漏洞测试工具
CVE-2025-29927CRITICAL02 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware02 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
This repository contains a comprehensive security assessment of an enterprise LAN environment. The core focus of this project was the identification, exploitation, and remediation of the **Shellshock (CVE-2014-6271)** vulnerability within a Linux-based web server.
CVE-2014-6271CRITICALbajo ataque02 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
Second CVE still Remote Code Execution
CVE-2026-35196HIGH02 abr 2026
Chamilo LMS has OS Command Injection via export_all_certificates action
41RIESGO
abrir
GitHub PoC
Deliberately vulnerable Next.js application demonstrating CVE-2025-29927 (middleware-based auth bypass) for learning and bug bounty practice.
CVE-2025-29927CRITICAL02 abr 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC8
POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability discovered by Antonius
CVE-2026-2341602 abr 2026
mm/mseal: update VMA end correctly on merge
23RIESGO
abrir
GitHub PoC
📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️
CVE-2021-43798HIGHbajo ataque02 abr 2026
Grafana path traversal
100RIESGO
abrir
GitHub PoC
Módulo de Metasploit para explotar CVE-2025-24054 (ex 24071). Exploit de filtración NTLM integrado en Metasploit para vectores de ataque basados en bibliotecas de Windows.
CVE-2025-24054MEDIUMbajo ataque01 abr 2026
NTLM Hash Disclosure Spoofing Vulnerability
75RIESGO
abrir
GitHub PoC1
Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.
CVE-2025-53770CRITICALbajo ataqueransomware01 abr 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
FortiGate CVE-2022-40684 assessment tool for user enumeration, configuration dump, and lab testing.
CVE-2022-40684CRITICALbajo ataqueransomware01 abr 2026
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RIESGO
abrir
GitHub PoC3
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
CVE-2026-48710MEDIUM01 abr 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir
GitHub PoC
kavin71725/CVE-2025-12543-Fix-for-Wildfly
CVE-2025-12543CRITICAL01 abr 2026
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
48RIESGO
abrir
GitHub PoC
CVE-2021-21220 Exploitation infrastructure
CVE-2021-21220HIGHbajo ataque01 abr 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir
GitHub PoC
TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab
CVE-2023-44487HIGHbajo ataque01 abr 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir
GitHub PoC
Analisis de CVE relacionada con stack overflow
CVE-2025-5548MEDIUM01 abr 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC11
Full-chain exploit for CVE-2025-2783 (Ipcz Sandbox Escape & RCE).
CVE-2025-2783HIGHbajo ataque01 abr 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir
GitHub PoC
Full penetration testing workflow: credential brute force, SSH access and privilege escalation (CVE-2021-4034)
CVE-2021-4034HIGHbajo ataque01 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.