Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
CVE-2025-14847
Zlib compressed protocol header length confusion may allow memory read
100RIESGO
abrir ↗GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows
100RIESGO
abrir ↗GitHub PoC
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RIESGO
abrir ↗GitHub PoC★ 2
tempiltin/CVE-2025-10353-POC
Missing Authorization vulnerability in Melis Platform
63RIESGO
abrir ↗GitHub PoC
RCE for WingFTP v4.7.3
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗GitHub PoC
Stored Cross-Site Scripting in "usememos" via SVG
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a us
48RIESGO
abrir ↗GitHub PoC★ 3
CVE-2023-43208: Mirth Connect Pre-Auth RCE PoC
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗GitHub PoC★ 1
PoC for Mirth Connect Remote Code Execution (RCE)
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RIESGO
abrir ↗GitHub PoC★ 1
Educational lab demonstrating CVE-2021-36934 (HiveNightmare) - Windows LPE via shadow copy ACL misconfiguration.
Windows Elevation of Privilege Vulnerability
98RIESGO
abrir ↗GitHub PoC
danilo1992-sys/CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir ↗GitHub PoC
PoC exploit for CVE-2024-46987 — Camaleon CMS arbitrary path traversal (file read)
Arbitrary path traversal in Camaleon CMS
61RIESGO
abrir ↗GitHub PoC
its970/CVE-2025-68645
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir ↗GitHub PoC★ 1
Exploitation de CVE-2022-26923
Active Directory Domain Services Elevation of Privilege Vulnerability
100RIESGO
abrir ↗GitHub PoC
The flaw allows an attacker to execute arbitrary system commands on the server hosting the Pterodactyl Panel without any prior authentication.
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
Path traversal vulnerability in Python's tarfile.
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server.
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RIESGO
abrir ↗GitHub PoC
CVE-2022-37969 poc
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RIESGO
abrir ↗GitHub PoC
C reimplementation of chwoot PoC
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RIESGO
abrir ↗GitHub PoC
A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RIESGO
abrir ↗GitHub PoC
CVE-2014-6271 Exploit | by infrar3d
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC★ 4
CVE-2025-71243 - SPIP Saisies Plugin RCE (Unauthenticated PHP Code Injection)
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RIESGO
abrir ↗GitHub PoC
CVE-2022-24521 poc
Windows Common Log File System Driver Elevation of Privilege Vulnerability
71RIESGO
abrir ↗GitHub PoC★ 1
这是基于cve-2016-4437简单的漏洞复现代码
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RIESGO
abrir ↗GitHub PoC★ 1
Unauthenticated remote code execution vulnerability in Wing FTP Server <= 7.4.3.
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗GitHub PoC★ 1
Command injection vulnerability in elFinder <= 2.1.47 via the PHP connector component. Allows unauthenticated remote code execution as the web server user.
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
60RIESGO
abrir ↗GitHub PoC★ 1
orgito1015/CVE-2025-55182-Researching-process
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
Unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The template render endpoint accepts PHP code without authentication, allowing arbitrary command execution as the web server user.
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RIESGO
abrir ↗GitHub PoC
Exploit for CVE-2024-6232 - Python Tarfile Realpath Overflow
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
A deep-dive security analysis into the 2020 Virgin Mobile KSA data breach. This study dissects the exploitation of CVE-2020-0688, evaluates the impact of delayed patch management, and proposes a robust multi-layered defense architecture to prevent sophisticated exfiltration tactics.
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.