Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.292exploits catalogados
31.741CVEs con explotación pública
0probados en laboratorio
71.284 exploits
GitHub PoC
Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
CVE-2026-40987 PoC
CVE-2026-40987HIGH11 may 2026
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
41RIESGO
abrir
GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
CVE-2026-6274CRITICAL11 may 2026
Authentication Bypass in DTS Electronics' Redline WR3200
28RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0740CRITICAL11 may 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Proof of concept of CVE-2026-8161 (Multiparty)
CVE-2026-8161HIGH11 may 2026
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
21RIESGO
abrir
GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-8023HIGH11 may 2026
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RIESGO
abrir
GitHub PoC68
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
CVE-2026-34486HIGH11 may 2026
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RIESGO
abrir
GitHub PoC
CVE-2026-42569
CVE-2026-42569CRITICAL11 may 2026
phpvms: /importer authorization bypass causing full database wipe
43RIESGO
abrir
GitHub PoC29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
CVE-2026-23918HIGH11 may 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RIESGO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
CVE-2026-41940CRITICALbajo ataqueransomware11 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC3
Arbitrary command execution on Cockpit
CVE-2026-4802HIGH11 may 2026
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
21RIESGO
abrir
GitHub PoC
SSTI contact form to rce
CVE-2026-4257CRITICAL11 may 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-54068CRITICALbajo ataque11 may 2026
Livewire vulnerable to remote command execution during property update hydration
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
CVE-2026-33657MEDIUM11 may 2026
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RIESGO
abrir
GitHub PoC1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
CVE-2023-38831HIGHbajo ataqueransomware11 may 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC1
Exploit for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Exploit Windows server 2019 vulnerable to Zerologon with Garble, Chisel, wp-file-manager vulnerability (have video demo)
CVE-2020-25213CRITICALbajo ataque10 may 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2026-7482
CVE-2026-7482HIGH10 may 2026
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
41RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-1094HIGH10 may 2026
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RIESGO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH10 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC5
Crihexe/v8-poc-CVE-2026-5865
CVE-2026-5865HIGH10 may 2026
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside
21RIESGO
abrir
GitHub PoC
Educational Proof of Concept for CVE-2026-31431 / Copy Fail Linux local privilege escalation via AF_ALG algif_aead
CVE-2026-31431HIGHbajo ataque10 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Форензика после CVE-2026-41940 (cPanel/WHM) — bash-скрипт и чек-лист
CVE-2026-41940CRITICALbajo ataqueransomware10 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
anteriorpágina 64 / 2377siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.