Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Areeba-Zehra-Jafri/CVE-2021-41773---Apache-Path-Traversal---RCE
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
Cybersecurity lab demonstrating Apache CVE-2021-41773 path traversal vulnerability with vulnerable server simulation, scanner, and security reporting.
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC1
luoluoqingge/CVE-2025-55182
CVE-2025-55182CRITICALbajo ataqueransomware18 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Laboratorio para el análisis y explotación del CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
SSH Exploit Tool (Educational Use Only) 📌 Description This tool demonstrates exploitation of: CVE-2008-0166 CVE-2008-1657 It connects to vulnerable SSH services and provides: Persistent interactive shell Command execution logging Automatic PDF & DOCX report generation
CVE-2008-016618 mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RIESGO
abrir
GitHub PoC
A comprehensive analysis of CVE-2021-41773 (Apache HTTP Server 2.4.49), featuring vulnerability research, controlled lab-based exploitation, Proof-of-Concept development, root cause analysis, and mitigation strategies for educational and defensive security purposes.
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
A professional Python tool designed for educational penetration testing, demonstrating SSH vulnerabilities (CVE-2008-0166 / CVE-2008-1657) with interactive shell access, command logging, and automated PDF/DOCX reporting.
CVE-2008-016618 mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RIESGO
abrir
GitHub PoC
Apache 2.4.49 Path Traversal RCE
CVE-2021-41773HIGHbajo ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RIESGO
abrir
GitHub PoC
Red Team exploitation of CVE-2021-3156 (Baron Samedit) – Heap Buffer Overflow in Sudo leading to Local Privilege Escalation on Ubuntu 20.04
CVE-2021-3156HIGHbajo ataque18 mar 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RIESGO
abrir
GitHub PoC
FKShield/CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
jesusdominguez87/CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
CVE-2024-53677 취약점 분석 보고서
CVE-2024-53677CRITICAL18 mar 2026
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RIESGO
abrir
GitHub PoC
Toddkk02/CVE-2025-29927
CVE-2025-29927CRITICAL17 mar 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
CVE-2025-29927-Nextjs 분석 보고서
CVE-2025-29927CRITICAL17 mar 2026
Authorization Bypass in Next.js Middleware
85RIESGO
abrir
GitHub PoC
​Detailed analysis of the 2023 MOVEit Transfer data breach (CVE-2023-34362) for CS50 Cybersecurity. This project explores the technical impact of unauthenticated SQL Injection and its consequences for global data privacy, affecting 2,700+ organizations. Special thanks to Professor David J. Malan and the CS50 staff.
CVE-2023-34362CRITICALbajo ataqueransomware17 mar 2026
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RIESGO
abrir
GitHub PoC
a PoC for the Nagios CVE-2019-15949 rce in python
CVE-2019-15949HIGHbajo ataque17 mar 2026
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RIESGO
abrir
GitHub PoC1
uname1able/CVE-2025-29824
CVE-2025-29824HIGHbajo ataqueransomware17 mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir
GitHub PoC
REC Exploit is a Python-based security testing tool that automates detection of potential RCE conditions in web applications under authorized environments. It sends crafted POST requests to targets, analyzes server responses for execution indicators, and supports batch scanning with custom input, structured payload handling, and clear CLI output.
CVE-2025-55182CRITICALbajo ataqueransomware17 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Proof-of-concept for CVE-2025-55182 (React2Shell): unauthenticated RCE in React Server Components / Next.js via Flight protocol deserialization.
CVE-2025-55182CRITICALbajo ataqueransomware17 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
Security research and reproduction of CVE-2025-5548: A stack-based buffer overflow in FreeFloat FTP Server 1.0. Includes binary analysis, crash replication, and environment setup for vulnerability research.
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
CVE-2021-44228 Log4Shell — Penetration Test Writeup
CVE-2021-44228CRITICALbajo ataqueransomware17 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RIESGO
abrir
GitHub PoC
Buffer overflow in FreeFloat FTP Server 1.0
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
PopClom/CVE-2025-5548
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
Alvarosr16/CVE-2025-5548
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
Diego57709/CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir
GitHub PoC
CVE-2022-42889 취약점 분석보고서
CVE-2022-4288916 mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RIESGO
abrir
GitHub PoC
CVE-2020-5902
CVE-2020-5902CRITICALbajo ataqueransomware16 mar 2026
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RIESGO
abrir
GitHub PoC
jgs-developer/CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.