Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC★ 1
Technical analysis and proof-of-concept for CVE-2024-1086, a Linux kernel nf_tables use-after-free vulnerability leading to local privilege escalation. Includes vulnerability breakdown, affected versions, exploitation methodology, and mitigation guidance for research and educational purposes.
Use-after-free in Linux kernel's netfilter: nf_tables component
76RIESGO
abrir ↗GitHub PoC
arrhenius975/CVE-2024-38063-Exploit-Refactoring
Windows TCP/IP Remote Code Execution Vulnerability
70RIESGO
abrir ↗GitHub PoC
prabeershakya/CVE-2022-0185-POC
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RIESGO
abrir ↗GitHub PoC★ 1
Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RIESGO
abrir ↗GitHub PoC
CVE-2025-68613 — n8n RCE via Expression Injection
n8n Vulnerable to Remote Code Execution via Expression Injection
100RIESGO
abrir ↗GitHub PoC
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir ↗GitHub PoC
CVE-2023-3452 exploit for WordPress Canto plugin RCE, HTTPS support included
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RIESGO
abrir ↗GitHub PoC
CVE-2024-23897: Jenkins Arbitrary File Read Lead to RCE
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RIESGO
abrir ↗GitHub PoC★ 19
Dahua IP camera CVE research toolkit (CVE-2021-33044/33045, CVE-2025-31700/31701)
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RIESGO
abrir ↗GitHub PoC
CVE-2025-5777
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RIESGO
abrir ↗GitHub PoC
PoC of CVE-2021-4034 (PwnKit) for personal training purposes.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
Aryan20057/CVE-2023-4911
Glibc: buffer overflow in ld.so leading to privilege escalation
100RIESGO
abrir ↗GitHub PoC★ 9
gowonisgood/CVE-2025-62215-POC
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir ↗GitHub PoC
Metasploit module to exploit CVE-2024-46987 - an authenticated path traversal vulnerability in Camaleon CMS versions 2.8.0 through 2.8.2 and 2.9.0
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir ↗GitHub PoC★ 1
CVE-2025-43529 Test
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RIESGO
abrir ↗GitHub PoC
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RIESGO
abrir ↗GitHub PoC
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RIESGO
abrir ↗GitHub PoC
Black box penetration test — WordPress exploitation, privilege escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RIESGO
abrir ↗GitHub PoC
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RIESGO
abrir ↗GitHub PoC
This repository provides production-ready detection engineering content for **CVE-2025-25257**, a pre-authentication SQL Injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. Successful exploitation can lead to Remote Code Execution without any prior authentication.
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RIESGO
abrir ↗GitHub PoC
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!)
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) pr
41RIESGO
abrir ↗GitHub PoC
Laravel-RCE: CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RIESGO
abrir ↗GitHub PoC
bcarrulo/Lab-CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC
GarethMSheldon/CVE-2025-60787-Detection-motionEye-RCE-via-Config-Injection
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RIESGO
abrir ↗GitHub PoC
Controlled penetration testing lab demonstrating CVE-2011-2523 exploitation and mitigation techniques.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RIESGO
abrir ↗GitHub PoC
Metasploit exploit for the CVE-2025-50286.
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RIESGO
abrir ↗GitHub PoC
Public advisory and technical analysis for CVE-2026-36590, a NanoMQ v0.24.9 denial-of-service vulnerability.
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in
41RIESGO
abrir ↗GitHub PoC
updated script
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.