Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
demo application showing off SQL Injection exploit in django 5.2.7
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RIESGO
abrir ↗GitHub PoC
VX Search Enterprise v10.1.12 Remote Buffer Overflow
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginni
23RIESGO
abrir ↗GitHub PoC★ 1
SOC investigation of CVE-2024-49138 exploitation alert involving PowerShell, EDRFreeze execution, and defense evasion behavior in a simulated environment.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir ↗GitHub PoC
A demo and explanation of CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC
Dockerized vulnerable lab demonstrating CVE-2024-2083 in ZenML, a path traversal vulnerability in the step logs API allowing arbitrary file read.
Directory Traversal in zenml-io/zenml
60RIESGO
abrir ↗GitHub PoC
0axz-tools/CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir ↗GitHub PoC★ 8
ZenoMinder Blind SQL Injection PoC
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗GitHub PoC
ZoneMinder Time-Based SQL Injection (CVE-2024-51482) Exploit POC
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗GitHub PoC
gustavorobertux/cisco-cve-2023-20198-checker
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir ↗GitHub PoC★ 202
CVE-2026-24061 exploit PoC
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗GitHub PoC★ 3
CVE-2023-38831 is a Zero-day WinRAR vulnerability that lets attackers disguise malicious files in archives, tricking users into executing harmful content.
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir ↗GitHub PoC
Penetration testing lab demonstrating CVE-2024-21413 moniker link exploitation for NTLM credential theft, including attack execution, hash cracking, and defensive countermeasures
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC★ 2
lil0xplorer/CVE-2025-60787_PoC
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir ↗GitHub PoC★ 10
PoC for CVE-2025-60787 - Authenticated RCE in motionEye for all versions up to 0.43.1b4 (included)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir ↗GitHub PoC
An automated, high-precision zero-shot evaluation pipeline for OpenAI's CLIP model on CIFAR-10. Features 88.80% accuracy, Safetensors security mitigation (CVE-2025-32434), and AI Native (Trae) workflow.
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
48RIESGO
abrir ↗GitHub PoC
Exploit for CVE-2023-27372 with interactiev shell
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir ↗GitHub PoC★ 2
Go PoC for CVE-2025-32433 — unauthenticated RCE in Erlang/OTP SSH.
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir ↗GitHub PoC★ 1
Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (<= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir ↗GitHub PoC
CVE-2020-1350的PoC
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RIESGO
abrir ↗GitHub PoC★ 14
Authenticated time-based blind SQL injection PoC for ZoneMinder CVE-2024-51482 (v1.37.* <= 1.37.64)
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir ↗GitHub PoC
Asus Router Arbitrary File Write to Remote Code Execution PoC - Fk Mirai
ASUS Router - Upload arbitrary firmware
48RIESGO
abrir ↗GitHub PoC
luoqichen/CVE-2025-55182-POC
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
this is a metasploit exploit module for CVE-2024-25096 and CVE-2023-3452
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir ↗GitHub PoC
Full-cycle Pentest on Metasploitable (VMware/Kali). Scanned services (Apache Tomcat/8180), researched CVE-2002-0936 via Exploit-DB, and gained access using default creds (Metasploit). Performed local enumeration for SUID misconfigs, exploiting a legacy Nmap binary to escalate privileges to Root.
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the w
28RIESGO
abrir ↗GitHub PoC
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC
shakyanayann/CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RIESGO
abrir ↗GitHub PoC★ 2
yonathanpy/CVE-2025-32462-CVE-2025-32463-PoC-Lab
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allo
28RIESGO
abrir ↗GitHub PoC★ 1
Faridi-m/CVE-2021-22911-RocketChat
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.