Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC1
Technical analysis and proof-of-concept for CVE-2024-1086, a Linux kernel nf_tables use-after-free vulnerability leading to local privilege escalation. Includes vulnerability breakdown, affected versions, exploitation methodology, and mitigation guidance for research and educational purposes.
CVE-2024-1086HIGHbajo ataqueransomware04 mar 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir
GitHub PoC
arrhenius975/CVE-2024-38063-Exploit-Refactoring
CVE-2024-38063CRITICAL04 mar 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RIESGO
abrir
GitHub PoC
HazaVVIP/CVE-2025-30208
CVE-2025-30208MEDIUM04 mar 2026
Vite bypasses server.fs.deny when using `?raw??`
70RIESGO
abrir
GitHub PoC
prabeershakya/CVE-2022-0185-POC
CVE-2022-0185HIGHbajo ataque04 mar 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RIESGO
abrir
GitHub PoC1
Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.
CVE-2026-2441HIGHbajo ataque03 mar 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir
GitHub PoC
CVE-2025-68613 — n8n RCE via Expression Injection
CVE-2025-68613CRITICALbajo ataque03 mar 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RIESGO
abrir
GitHub PoC
CVE-2025-32463
CVE-2025-32463CRITICALbajo ataque03 mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir
GitHub PoC
CVE-2023-3452 exploit for WordPress Canto plugin RCE, HTTPS support included
CVE-2023-3452CRITICAL03 mar 2026
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir
GitHub PoC
CVE-2024-23897: Jenkins Arbitrary File Read Lead to RCE
CVE-2024-23897CRITICALbajo ataqueransomware03 mar 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir
GitHub PoC19
Dahua IP camera CVE research toolkit (CVE-2021-33044/33045, CVE-2025-31700/31701)
CVE-2021-33044CRITICALbajo ataque03 mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RIESGO
abrir
GitHub PoC
CVE-2025-5777
CVE-2025-5777CRITICALbajo ataqueransomware02 mar 2026
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir
GitHub PoC
PoC of CVE-2021-4034 (PwnKit) for personal training purposes.
CVE-2021-4034HIGHbajo ataque02 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
Aryan20057/CVE-2023-4911
CVE-2023-4911HIGHbajo ataque02 mar 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir
GitHub PoC9
gowonisgood/CVE-2025-62215-POC
CVE-2025-62215HIGHbajo ataque02 mar 2026
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir
GitHub PoC
Metasploit module to exploit CVE-2024-46987 - an authenticated path traversal vulnerability in Camaleon CMS versions 2.8.0 through 2.8.2 and 2.9.0
CVE-2024-46987HIGH02 mar 2026
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir
GitHub PoC1
CVE-2025-43529 Test
CVE-2025-43529HIGHbajo ataque02 mar 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RIESGO
abrir
GitHub PoC
CVE-2014-0160
CVE-2014-0160HIGHbajo ataque01 mar 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir
GitHub PoC
CVE-2022-22965
CVE-2022-22965CRITICALbajo ataque01 mar 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir
GitHub PoC
Black box penetration test — WordPress exploitation, privilege escalation via CVE-2022-0847
CVE-2022-0847HIGHbajo ataque01 mar 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir
GitHub PoC
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
CVE-2021-4034HIGHbajo ataque01 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir
GitHub PoC
This repository provides production-ready detection engineering content for **CVE-2025-25257**, a pre-authentication SQL Injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. Successful exploitation can lead to Remote Code Execution without any prior authentication.
CVE-2025-25257CRITICALbajo ataque01 mar 2026
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir
GitHub PoC
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!)
CVE-2026-36670HIGH01 mar 2026
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) pr
41RIESGO
abrir
GitHub PoC
7rootsec/CVE-2022-21661-Technical-Analysis
CVE-2022-21661HIGH01 mar 2026
SQL injection in WordPress
78RIESGO
abrir
GitHub PoC
Laravel-RCE: CVE-2017-9841
CVE-2017-9841CRITICALbajo ataque01 mar 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir
GitHub PoC
bcarrulo/Lab-CVE-2022-30190
CVE-2022-30190HIGHbajo ataqueransomware28 feb 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir
GitHub PoC
GarethMSheldon/CVE-2025-60787-Detection-motionEye-RCE-via-Config-Injection
CVE-2025-60787HIGH28 feb 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir
GitHub PoC
Controlled penetration testing lab demonstrating CVE-2011-2523 exploitation and mitigation techniques.
CVE-2011-252328 feb 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir
GitHub PoC
Metasploit exploit for the CVE-2025-50286.
CVE-2025-50286HIGH28 feb 2026
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RIESGO
abrir
GitHub PoC
Public advisory and technical analysis for CVE-2026-36590, a NanoMQ v0.24.9 denial-of-service vulnerability.
CVE-2026-36590HIGH28 feb 2026
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in
41RIESGO
abrir
GitHub PoC
updated script
CVE-2019-905328 feb 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.