Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
13.140 exploits
GitHub PoC
Unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The template render endpoint accepts PHP code without authentication, allowing arbitrary command execution as the web server user.
CVE-2024-25600CRITICAL18 feb 2026
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RIESGO
abrir
GitHub PoC
Exploit for CVE-2024-6232 - Python Tarfile Realpath Overflow
CVE-2025-4517CRITICAL18 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC
PoC and explanation for CVE-2025-4517 used in a CTF I was playing.
CVE-2025-4517CRITICAL17 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC
andres101c/Shellshock-CVE-2014-6271
CVE-2014-6271CRITICALbajo ataque17 feb 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir
GitHub PoC
Proof-of-concept exploit for CVE-2023-20198, an authentication bypass vulnerability affecting Cisco IOS XE Web UI
CVE-2023-20198CRITICALbajo ataque17 feb 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir
GitHub PoC
Interactive shell client for React Server Components RCE exploitation via __proto__ pollution (CVE-2025-55182)
CVE-2025-55182CRITICALbajo ataqueransomware17 feb 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir
GitHub PoC
New CVE-2019-7609 which works with python 13
CVE-2019-7609CRITICALbajo ataque17 feb 2026
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RIESGO
abrir
GitHub PoC2
CVE-2025-47812 POC
CVE-2025-47812CRITICALbajo ataque17 feb 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
GitHub PoC4
CVE For Pterodactyl (For Study and Education)
CVE-2025-49132CRITICAL16 feb 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir
GitHub PoC
A high-performance Python toolkit to automate the CVE-2025-4517 PATH_MAX bypass exploit. Specifically tuned for the WingData HTB challenge to achieve arbitrary file writes and root persistence
CVE-2025-4517CRITICAL16 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC
rogerzeferino/Apache-Solr-RCE-CVE-2019-17558
CVE-2019-17558HIGHbajo ataque16 feb 2026
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RIESGO
abrir
GitHub PoC
Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0
CVE-2025-69690CRITICAL16 feb 2026
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP ob
48RIESGO
abrir
GitHub PoC2
CVE‑2025‑4517 Proof‑of‑Concept Script
CVE-2025-4517CRITICAL15 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC8
Python tarfile data filter bypass via PATH_MAX overflow in os.path.realpath() - CVE-2025-4517 / CVE-2025-4330
CVE-2025-4517CRITICAL15 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC
[AtHack 2026] Pwn challenge about telnetd CVE-2026-24061
CVE-2026-24061CRITICALbajo ataque15 feb 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir
GitHub PoC8
Privilege Escalation script for CVE-2025-4517
CVE-2025-4517CRITICAL15 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC2
CVE-2025-4517 (CVSS 9.4 – Critical) A vulnerability in Python's `tarfile`
CVE-2025-4517CRITICAL15 feb 2026
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir
GitHub PoC1
simple CVE-2017-7921 rewrite in python by me. for educational purposes only!
CVE-2017-7921CRITICALbajo ataque15 feb 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir
GitHub PoC
CVE-2025-47812: Wing FTP Server 7.4.3 UnauthN RCE in sh
CVE-2025-47812CRITICALbajo ataque15 feb 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir
GitHub PoC
Modified Exploit-DB proof-of-concept for CVE-2014-4688 (pfSense status_rrd_graph_img.php command injection)
CVE-2014-468815 feb 2026
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_
23RIESGO
abrir
GitHub PoC2
Herramienta avanzada de explotación transversal de ruta de WinRAR para CVE-2025-8088
CVE-2025-8088HIGHbajo ataque14 feb 2026
Path traversal vulnerability in WinRAR
93RIESGO
abrir
GitHub PoC
CVE-2024-37383 Proof of Concept
CVE-2024-37383MEDIUMbajo ataque14 feb 2026
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
85RIESGO
abrir
GitHub PoC5
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.
CVE-2025-70830CRITICAL14 feb 2026
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows aut
48RIESGO
abrir
GitHub PoC12
UAF and AOP coprocessor panic in IOHIDEventServiceFastPathUserClient. No entitlements, reachable from app sandbox.
CVE-2026-28992MEDIUM14 feb 2026
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7
33RIESGO
abrir
GitHub PoC
Samba 3.0.20 CVE-2007-2447 Exploit
CVE-2007-244714 feb 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir
GitHub PoC
Домашняя работа по Pyton № 10 CVE-2020-11022 Краткое описание CVE-2020-11022 — уязвимость типа Reflected XSS (межсайтовый скриптинг), связанная с некорректной обработкой пользовательского ввода, который отражается в HTML-ответе без экранирования. Атакующий может внедрить JavaScript-код, который выполнится в браузере пользователя.
CVE-2020-11022MEDIUM14 feb 2026
jQuery has a potential XSS vulnerability
55RIESGO
abrir
GitHub PoC49
The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver
CVE-2025-70795MEDIUM14 feb 2026
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCT
33RIESGO
abrir
GitHub PoC
nik123-py/CVE-2025-49132_HTB_SEASON10
CVE-2025-49132CRITICAL14 feb 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir
GitHub PoC1
CVE-2024-34102 exploit for python3
CVE-2024-34102CRITICALbajo ataque13 feb 2026
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir
GitHub PoC1
针对 Next.js 原型污染漏洞 (CVE-2025-55182) 的高效批量检测工具。
CVE-2025-55182CRITICALbajo ataqueransomware13 feb 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.