Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.180 exploits
GitHub PoC
CVE-2026-40987 PoC
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
41RIESGO
abrir ↗GitHub PoC★ 1
Exploit for CVE-2026-31431 (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗VulnCheck XDB
initial-access
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RIESGO
abrir ↗GitHub PoC★ 1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir ↗GitHub PoC
Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Livewire vulnerable to remote command execution during property update hydration
100RIESGO
abrir ↗GitHub PoC
SSTI contact form to rce
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir ↗VulnCheck XDB
initial-access
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir ↗GitHub PoC
CVE-2026-43284 & CVE-2026-43500 discovered by Hyunwoo Kim
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
CVE-2026-43284的rust版本实现
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC★ 68
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RIESGO
abrir ↗GitHub PoC
CVE-2026-42569
phpvms: /importer authorization bypass causing full database wipe
43RIESGO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10289-XSS
code-projects Hotel and Tourism Reservation System tour.php cross site scripting
33RIESGO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RIESGO
abrir ↗GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RIESGO
abrir ↗GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC★ 29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir ↗GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC★ 3
Arbitrary command execution on Cockpit
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RIESGO
abrir ↗GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RIESGO
abrir ↗GitHub PoC★ 14
CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir ↗GitHub PoC
Форензика после CVE-2026-41940 (cPanel/WHM) — bash-скрипт и чек-лист
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir ↗GitHub PoC
Threat intelligence brief on CVE-2026-42208, a critical pre-auth SQL injection in BerriAI LiteLLM exploited within 36 hours of disclosure. Covers attack path, detection opportunities, and recommended actions.
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.