Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
71.622 exploits
GitHub PoC1
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH11 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-0740CRITICAL11 may 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RIESGO
abrir
GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
CVE-2026-41940CRITICALbajo ataqueransomware11 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
CVE-2023-38831HIGHbajo ataqueransomware11 may 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC
Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHbajo ataque11 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Exploit Windows server 2019 vulnerable to Zerologon with Garble, Chisel, wp-file-manager vulnerability (have video demo)
CVE-2020-25213CRITICALbajo ataque10 may 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir
GitHub PoC
A temporary mitigation against copy_fail variant (copyfail2_electric_boogaloo) - Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:…:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem.
CVE-2026-31431HIGHbajo ataque10 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH10 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2024-47176MEDIUM10 may 2026
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RIESGO
abrir
GitHub PoC2
cPanelSniper STABLE - CVE-2026-41940 optimized for 10M+ targets
CVE-2026-41940CRITICALbajo ataqueransomware10 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
Форензика после CVE-2026-41940 (cPanel/WHM) — bash-скрипт и чек-лист
CVE-2026-41940CRITICALbajo ataqueransomware10 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC
Educational Proof of Concept for CVE-2026-31431 / Copy Fail Linux local privilege escalation via AF_ALG algif_aead
CVE-2026-31431HIGHbajo ataque10 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2025-4396HIGH10 may 2026
Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection
56RIESGO
abrir
GitHub PoC
Technical analysis of the LangChain serialization injection vulnerability CVE-2025-68664.
CVE-2025-68664CRITICAL10 may 2026
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
53RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2025-1094HIGH10 may 2026
PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
78RIESGO
abrir
VulnCheck XDB
info-leak
CVE-2026-42208CRITICALbajo ataque10 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC
kaleth4/CVE-2026-7482
CVE-2026-7482HIGH10 may 2026
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
21RIESGO
abrir
GitHub PoC
ryan2929/CVE-2026-43284-
CVE-2026-43284HIGH10 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Threat intelligence brief on CVE-2026-42208, a critical pre-auth SQL injection in BerriAI LiteLLM exploited within 36 hours of disclosure. Covers attack path, detection opportunities, and recommended actions.
CVE-2026-42208CRITICALbajo ataque10 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
GitHub PoC
CVE-2026-20131
CVE-2026-20131CRITICALbajo ataqueransomware10 may 2026
Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
83RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-3844CRITICAL10 may 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RIESGO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-42208-Lab
CVE-2026-42208CRITICALbajo ataque10 may 2026
LiteLLM: SQL injection in Proxy API key verification
100RIESGO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHbajo ataque10 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2020-25213CRITICALbajo ataque10 may 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RIESGO
abrir
GitHub PoC5
Crihexe/v8-poc-CVE-2026-5865
CVE-2026-5865HIGH10 may 2026
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside
21RIESGO
abrir
GitHub PoC27
arm64/aarch64 port of V4bel/dirtyfrag (CVE-2026-43284). ESP-only - rxrpc path kernel-oopses on arm64 due to flush_dcache_page
CVE-2026-43284HIGH10 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
VulnCheck XDB
initial-access
CVE-2026-41940CRITICALbajo ataqueransomware10 may 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RIESGO
abrir
GitHub PoC7
Read-only checker for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) Linux kernel local-root vulns
CVE-2026-43284HIGH09 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
GitHub PoC
Hunt-Benito/copy-fail-cve-2026-31431-linux-kernel-page-cache-lpe
CVE-2026-31431HIGHbajo ataque09 may 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
anteriorpágina 65 / 2388siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.