Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
Authorization Bypass in Next.js Middleware
85RIESGO
abrir ↗GitHub PoC
Pre-authentication LFI Lead to RCE
Cacti: Unauthenticated RCE on Graph Image
48RIESGO
abrir ↗GitHub PoC
vettrivel007/CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir ↗GitHub PoC
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 1
TP-Link Router Authenticated RCE Exploit (CVE-2022-30075) Bu araç, TP-Link Archer AX50 ve bazı diğer TP-Link router modellerinde bulunan **CVE-2022-30075** güvenlik açığını kullanarak kimliği doğrulanmış uzaktan komut çalıştırma (Authenticated Remote Code Execution) işlemi gerçekleştirir.
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RIESGO
abrir ↗GitHub PoC
tryj/CVE-2012-1823---PHP-CGI---RCE
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RIESGO
abrir ↗GitHub PoC★ 2
Perforce security research and tools - CVE-2026-6043
Insecure Default Configuration in P4 Server
41RIESGO
abrir ↗GitHub PoC★ 1
Bash script to detect CVE-2025-55182 (React2Shell) and credential exposure in Next.js projects. Zero dependencies.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
CVE-2025-59059: Misattributed RCE in Apache Ranger Static Analysis Correction
Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator
48RIESGO
abrir ↗GitHub PoC
Full penetration test report against `IP` (Ubuntu VM). Attack chain: directory enumeration → backup file discovery → password cracking → CMS file upload → reverse shell → kernel privilege escalation (Dirty Pipe, CVE-2022-0847).
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir ↗GitHub PoC
🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RIESGO
abrir ↗GitHub PoC
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
This repository contains a comprehensive security assessment of an enterprise LAN environment. The core focus of this project was the identification, exploitation, and remediation of the **Shellshock (CVE-2014-6271)** vulnerability within a Linux-based web server.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC
Second CVE still Remote Code Execution
Chamilo LMS has OS Command Injection via export_all_certificates action
41RIESGO
abrir ↗GitHub PoC
Deliberately vulnerable Next.js application demonstrating CVE-2025-29927 (middleware-based auth bypass) for learning and bug bounty practice.
Authorization Bypass in Next.js Middleware
85RIESGO
abrir ↗GitHub PoC★ 8
POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability discovered by Antonius
mm/mseal: update VMA end correctly on merge
23RIESGO
abrir ↗GitHub PoC
📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️
Grafana path traversal
100RIESGO
abrir ↗GitHub PoC
Módulo de Metasploit para explotar CVE-2025-24054 (ex 24071). Exploit de filtración NTLM integrado en Metasploit para vectores de ataque basados en bibliotecas de Windows.
NTLM Hash Disclosure Spoofing Vulnerability
75RIESGO
abrir ↗GitHub PoC★ 1
Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
FortiGate CVE-2022-40684 assessment tool for user enumeration, configuration dump, and lab testing.
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RIESGO
abrir ↗GitHub PoC★ 3
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RIESGO
abrir ↗GitHub PoC
kavin71725/CVE-2025-12543-Fix-for-Wildfly
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
48RIESGO
abrir ↗GitHub PoC
CVE-2021-21220 Exploitation infrastructure
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir ↗GitHub PoC
TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RIESGO
abrir ↗GitHub PoC
Analisis de CVE relacionada con stack overflow
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir ↗GitHub PoC★ 11
Full-chain exploit for CVE-2025-2783 (Ipcz Sandbox Escape & RCE).
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RIESGO
abrir ↗GitHub PoC
Full penetration testing workflow: credential brute force, SSH access and privilege escalation (CVE-2021-4034)
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.