Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC6
Chatwoot SQL injection in FilterService
CVE-2026-44706HIGH31 mar 2026
Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
41RIESGO
abrir
GitHub PoC
wtbacon/cve-2018-15473
CVE-2018-15473MEDIUM31 mar 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RIESGO
abrir
GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and earlier versions. The exploit is aimed at incorrect authentication due to problems with incorrect privilege settings and command injection.
CVE-2024-11680CRITICALbajo ataque31 mar 2026
ProjectSend Unauthenticated Configuration Modification
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2024-6387
CVE-2024-6387HIGH31 mar 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
Hoverfly CVE RCE
CVE-2025-54123CRITICAL31 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC1
CVE-2022-46364 Apache CXF XOP:Include SSRF / LFI
CVE-2022-46364CRITICAL31 mar 2026
Apache CXF SSRF Vulnerability
48RIESGO
abrir
GitHub PoC3
Automating the exploitation of CVE-2026-7299 - Stored XSS via Database Table/Column Names in SQL Autocomplete within Appsmith =>1.99. Initial discovery 30/03/26
CVE-2026-7299MEDIUM31 mar 2026
CVE-2026-7299
33RIESGO
abrir
GitHub PoC
Setup and exploit recreation for CVE-2022-42889 Text4Shell.
CVE-2022-4288930 mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RIESGO
abrir
GitHub PoC
CVE-2022-22947 vulnerability task
CVE-2022-22947CRITICALbajo ataque30 mar 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RIESGO
abrir
GitHub PoC
PoC CVE-2025-54123 - Hoverfly <= 1.11.3 - Authenticated Middleware Command Injection
CVE-2025-54123CRITICAL30 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
amikanev/CVE-2025-55182-LAB
CVE-2025-55182CRITICALbajo ataqueransomware30 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC1
akelaqe/CVE-2024-27348-HugeGraph-RCE
CVE-2024-27348CRITICALbajo ataque30 mar 2026
Apache HugeGraph-Server: Command execution in gremlin
100RIESGO
abrir
GitHub PoC
vettrivel007/CVE-2024-1086
CVE-2024-1086HIGHbajo ataqueransomware30 mar 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
GitHub PoC
CVE-2024-6387 OpenSSH 信号竞争漏洞(regreSSHion)分析报告及检测脚本
CVE-2024-6387HIGH30 mar 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RIESGO
abrir
GitHub PoC
JacobTaylor3/CVE-2021-21220
CVE-2021-21220HIGHbajo ataque30 mar 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RIESGO
abrir
GitHub PoC
Apache ActiveMQ (CVE-2023-46604) zafiyetinden LockBit ransomware aşamasına uzanan 419 saatlik sızma vakasının uçtan uca analizi, SIEM korelasyon kuralları ve IOC listesi.
CVE-2023-46604CRITICALbajo ataqueransomware30 mar 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RIESGO
abrir
GitHub PoC
0x0asif/CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware29 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
CVE-2025-54123 exploit and documentation
CVE-2025-54123CRITICAL29 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC2
This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.
CVE-2022-46364CRITICAL29 mar 2026
Apache CXF SSRF Vulnerability
48RIESGO
abrir
GitHub PoC1
Shashivanth009/CVE-2022-46364---Apache-CXF-XOP-Include-LFI-PoC
CVE-2022-46364CRITICAL29 mar 2026
Apache CXF SSRF Vulnerability
48RIESGO
abrir
GitHub PoC7
CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include
CVE-2022-46364CRITICAL28 mar 2026
Apache CXF SSRF Vulnerability
48RIESGO
abrir
GitHub PoC
BOLA/IDOR vulnerability in osTicket ajax.tickets.php | Responsible Disclosure
CVE-2026-14871HIGH28 mar 2026
osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure
38RIESGO
abrir
GitHub PoC
A PoC demonstrating a RCE in Hoverfly (versions ≤ 1.11.3) by abusing the /api/v2/hoverfly/middleware endpoint and injecting a malicious middleware script
CVE-2025-54123CRITICAL28 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
Explota vulnerabilidad
CVE-2023-43208CRITICALbajo ataqueransomware28 mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir
GitHub PoC4
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
CVE-2021-33044CRITICALbajo ataque28 mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RIESGO
abrir
GitHub PoC7
CVE-2025-54123 Hoverfly Authenticated Middleware Command Injection RCE
CVE-2025-54123CRITICAL28 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RIESGO
abrir
GitHub PoC
Drupal 7 CMS vulnerable to CVE-2018-7600 (Drupalgeddon2), allowing unauthenticated remote code execution.
CVE-2018-7600CRITICALbajo ataqueransomware27 mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir
GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
CVE-2018-13374MEDIUMbajo ataqueransomware27 mar 2026
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RIESGO
abrir
GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
CVE-2020-0796CRITICALbajo ataqueransomware27 mar 2026
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RIESGO
abrir
GitHub PoC
BastianXploited/CVE-2025-6440
CVE-2025-6440CRITICAL27 mar 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.