Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
71.180 exploits
VulnCheck XDB
client-side
CVE-2026-34621HIGHbajo ataque12 may 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL12 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3
CVE-2010-203912 may 2026
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac
23RIESGO
abrir
GitHub PoC20
azefzafyoussef/CVE-2026-34621
CVE-2026-34621HIGHbajo ataque12 may 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RIESGO
abrir
GitHub PoC
Are you get Tanstack Supply chain attack attack of 5/11? CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC2
Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script
CVE-2026-45185CRITICAL12 may 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RIESGO
abrir
GitHub PoC1
Claude Code skill to scan machines for Mini Shai-Hulud (CVE-2026-45321) supply chain worm IOCs
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC1
Detect CVE-2026-45321 Mini Shai-Hulud supply chain compromise — scans for 170 npm + 2 PyPI poisoned packages across TanStack, Mistral AI, UiPath, OpenSearch, Guardrails AI
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
GitHub PoC
Detects CVE-2026-45321 (TanStack supply chain compromise) and Mini Shai-Hulud worm artifacts. Scans node_modules, lockfiles, persistence hooks (Claude Code, VS Code, systemd, LaunchAgent), GitHub workflows, git history, C2 domains, and AI tool configs.
CVE-2026-45321CRITICALbajo ataqueransomware12 may 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-2492CRITICAL12 may 2026
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted req
48RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-5718HIGH12 may 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-6664HIGH12 may 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Working POC of CVE-2026-6664 written by Sonnet 4.6
CVE-2026-6664HIGH12 may 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RIESGO
abrir
GitHub PoC1
rootdirective-sec/CVE-2026-5718-Lab
CVE-2026-5718HIGH12 may 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RIESGO
abrir
GitHub PoC29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
CVE-2026-3609MEDIUM12 may 2026
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RIESGO
abrir
GitHub PoC
sh4den/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2023-4220HIGH12 may 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RIESGO
abrir
GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC1
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHbajo ataque12 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC885
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL12 may 2026
NGINX ngx_http_rewrite_module vulnerability
60RIESGO
abrir
GitHub PoC
Cybersecurity demo exploiting CVE-2026-35455 with automatic API key generation and exfiltration
CVE-2026-35455HIGH12 may 2026
immich has Stored XSS via OCR Text in 360° Panorama Viewer
41RIESGO
abrir
GitHub PoC
Relatório de Análise Técnica: Exploração de Falha de Isolamento no Kernel Linux (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-43284 & CVE-2026-43500 discovered by Hyunwoo Kim
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC14
CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC3
Arbitrary command execution on Cockpit
CVE-2026-4802HIGH11 may 2026
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
CVE-2026-10290MEDIUM11 may 2026
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RIESGO
abrir
GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
CVE-2026-10288MEDIUM11 may 2026
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RIESGO
abrir
anteriorpágina 61 / 2373siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.