Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
GitHub PoC
CVE-2026-41729 PoC
CVE-2026-41729HIGH13 may 2026
Spring Data REST SpEL Injection via Map Key in JSON Patch
41RIESGO
abrir
GitHub PoC
Reproduced the fileless LPE CVE‑2026‑31431 (“Copy Fail”) on Kali Linux, then built auditd, Sigma & YARA detections to catch this stealthy kernel exploit that leaves no disk footprint.
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
CVE-2017-0144HIGHbajo ataqueransomware13 may 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RIESGO
abrir
GitHub PoC
A tiny explanation + PoC for CVE-2026-43284
CVE-2026-43284HIGH13 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
CVE-2026-44277
CVE-2026-44277CRITICAL13 may 2026
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
48RIESGO
abrir
GitHub PoC254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
CVE-2026-40369HIGH13 may 2026
Windows Kernel Elevation of Privilege Vulnerability
41RIESGO
abrir
GitHub PoC1
Analísis - POC - Mitigación
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
CVE-2026-8196
CVE-2026-8196MEDIUM13 may 2026
JeecgBoot mLogin Endpoint LoginController.java authorization
33RIESGO
abrir
GitHub PoC
Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)
CVE-2026-23870HIGH13 may 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RIESGO
abrir
GitHub PoC
this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431) (CopyFail fix)
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
FrosterDL/CVE-2026-43284
CVE-2026-43284HIGH13 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
Exploit-DB
coreruleset 4.21.0 - Firewall Bypass
CVE-2026-21876CRITICAL13 may 2026
OWASP CRS has multipart bypass using multiple content-type parts
53RIESGO
abrir
GitHub PoC3
A Bash implementation of copyfail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque13 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC6
🚀 CVE-2026-41940 cPanel/WHM Auth Bypass Exploit - Best Flow 💥 CRLF injection leads to auth bypass, session hijacking & account leak. ✅ Proxy, custom UA, keep-alive, retries, SSL verify, colored output, file save support. ⚡ Advanced PoC for pentesters.
CVE-2026-41940CRITICALbajo ataqueransomware12 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
CVE-2024-28397MEDIUM12 may 2026
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RIESGO
abrir
GitHub PoC
sh4den/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-6664HIGH12 may 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2021-3129CRITICALbajo ataqueransomware12 may 2026
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RIESGO
abrir
GitHub PoC
vutiendat323/CVE-2021-44228_Log4Shell
CVE-2021-44228CRITICALbajo ataqueransomware12 may 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2023-27163MEDIUM12 may 2026
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baske
48RIESGO
abrir
GitHub PoC29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
CVE-2026-3609MEDIUM12 may 2026
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-5718HIGH12 may 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC1
rootdirective-sec/CVE-2026-5718-Lab
CVE-2026-5718HIGH12 may 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL12 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
anteriorpágina 60 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.