Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
demo application showing off SQL Injection exploit in django 5.2.7
CVE-2025-64459CRITICAL09 mar 2026
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RIESGO
abrir
GitHub PoC
VX Search Enterprise v10.1.12 Remote Buffer Overflow
CVE-2017-1522009 mar 2026
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginni
23RIESGO
abrir
GitHub PoC
learning github
CVE-2021-2476209 mar 2026
Perfect Survey < 1.5.2 - Unauthenticated SQL Injection
60RIESGO
abrir
GitHub PoC1
SOC investigation of CVE-2024-49138 exploitation alert involving PowerShell, EDRFreeze execution, and defense evasion behavior in a simulated environment.
CVE-2024-49138HIGHbajo ataque09 mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir
GitHub PoC3
cupntlm
CVE-2025-33073HIGHbajo ataque09 mar 2026
Windows SMB Client Elevation of Privilege Vulnerability
83RIESGO
abrir
GitHub PoC
A demo and explanation of CVE-2026-31431
CVE-2026-31431HIGHbajo ataque08 mar 2026
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir
GitHub PoC
Dockerized vulnerable lab demonstrating CVE-2024-2083 in ZenML, a path traversal vulnerability in the step logs API allowing arbitrary file read.
CVE-2024-2083CRITICAL08 mar 2026
Directory Traversal in zenml-io/zenml
60RIESGO
abrir
GitHub PoC
0axz-tools/CVE-2025-6440
CVE-2025-6440CRITICAL08 mar 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RIESGO
abrir
GitHub PoC8
ZenoMinder Blind SQL Injection PoC
CVE-2024-51482CRITICAL08 mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir
GitHub PoC
ZoneMinder Time-Based SQL Injection (CVE-2024-51482) Exploit POC
CVE-2024-51482CRITICAL08 mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir
GitHub PoC
gustavorobertux/cisco-cve-2023-20198-checker
CVE-2023-20198CRITICALbajo ataque08 mar 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
GitHub PoC202
CVE-2026-24061 exploit PoC
CVE-2026-24061CRITICALbajo ataque08 mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
GitHub PoC3
CVE-2023-38831 is a Zero-day WinRAR vulnerability that lets attackers disguise malicious files in archives, tricking users into executing harmful content.
CVE-2023-38831HIGHbajo ataqueransomware08 mar 2026
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RIESGO
abrir
GitHub PoC
Penetration testing lab demonstrating CVE-2024-21413 moniker link exploitation for NTLM credential theft, including attack execution, hash cracking, and defensive countermeasures
CVE-2024-21413CRITICALbajo ataque08 mar 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC2
lil0xplorer/CVE-2025-60787_PoC
CVE-2025-60787HIGH08 mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
GitHub PoC10
PoC for CVE-2025-60787 - Authenticated RCE in motionEye for all versions up to 0.43.1b4 (included)
CVE-2025-60787HIGH08 mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
GitHub PoC
An automated, high-precision zero-shot evaluation pipeline for OpenAI's CLIP model on CIFAR-10. Features 88.80% accuracy, Safetensors security mitigation (CVE-2025-32434), and AI Native (Trae) workflow.
CVE-2025-32434CRITICAL08 mar 2026
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
48RIESGO
abrir
GitHub PoC
Exploit for CVE-2023-27372 with interactiev shell
CVE-2023-27372CRITICAL07 mar 2026
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RIESGO
abrir
GitHub PoC2
Go PoC for CVE-2025-32433 — unauthenticated RCE in Erlang/OTP SSH.
CVE-2025-32433CRITICALbajo ataque07 mar 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RIESGO
abrir
GitHub PoC1
Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (<= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.
CVE-2025-60787HIGH07 mar 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
GitHub PoC
CVE-2020-1350的PoC
CVE-2020-1350CRITICALbajo ataque07 mar 2026
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle req
100RIESGO
abrir
GitHub PoC14
Authenticated time-based blind SQL injection PoC for ZoneMinder CVE-2024-51482 (v1.37.* <= 1.37.64)
CVE-2024-51482CRITICAL07 mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RIESGO
abrir
GitHub PoC
Asus Router Arbitrary File Write to Remote Code Execution PoC - Fk Mirai
CVE-2024-3912CRITICAL06 mar 2026
ASUS Router - Upload arbitrary firmware
48RIESGO
abrir
GitHub PoC
luoqichen/CVE-2025-55182-POC
CVE-2025-55182CRITICALbajo ataqueransomware06 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
this is a metasploit exploit module for CVE-2024-25096 and CVE-2023-3452
CVE-2023-3452CRITICAL06 mar 2026
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir
GitHub PoC
Full-cycle Pentest on Metasploitable (VMware/Kali). Scanned services (Apache Tomcat/8180), researched CVE-2002-0936 via Exploit-DB, and gained access using default creds (Metasploit). Performed local enumeration for SUID misconfigs, exploiting a legacy Nmap binary to escalate privileges to Root.
CVE-2002-093606 mar 2026
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the w
28RIESGO
abrir
GitHub PoC
CVE-2014-6271
CVE-2014-6271CRITICALbajo ataque06 mar 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
shakyanayann/CVE-2022-0185
CVE-2022-0185HIGHbajo ataque05 mar 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RIESGO
abrir
GitHub PoC2
yonathanpy/CVE-2025-32462-CVE-2025-32463-PoC-Lab
CVE-2025-32462LOW05 mar 2026
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allo
28RIESGO
abrir
GitHub PoC1
Faridi-m/CVE-2021-22911-RocketChat
CVE-2021-2291104 mar 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.