Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.180exploits catalogados
31.691CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8078Nuclei 4190Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.140 exploits
GitHub PoC
Unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The template render endpoint accepts PHP code without authentication, allowing arbitrary command execution as the web server user.
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RIESGO
abrir ↗GitHub PoC
Exploit for CVE-2024-6232 - Python Tarfile Realpath Overflow
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
PoC and explanation for CVE-2025-4517 used in a CTF I was playing.
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
andres101c/Shellshock-CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RIESGO
abrir ↗GitHub PoC
Proof-of-concept exploit for CVE-2023-20198, an authentication bypass vulnerability affecting Cisco IOS XE Web UI
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RIESGO
abrir ↗GitHub PoC
Interactive shell client for React Server Components RCE exploitation via __proto__ pollution (CVE-2025-55182)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC
New CVE-2019-7609 which works with python 13
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker
100RIESGO
abrir ↗GitHub PoC★ 2
CVE-2025-47812 POC
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗GitHub PoC★ 4
CVE For Pterodactyl (For Study and Education)
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
A high-performance Python toolkit to automate the CVE-2025-4517 PATH_MAX bypass exploit. Specifically tuned for the WingData HTB challenge to achieve arbitrary file writes and root persistence
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
rogerzeferino/Apache-Solr-RCE-CVE-2019-17558
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A V
100RIESGO
abrir ↗GitHub PoC
Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0
Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP ob
48RIESGO
abrir ↗GitHub PoC★ 2
CVE‑2025‑4517 Proof‑of‑Concept Script
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC★ 8
Python tarfile data filter bypass via PATH_MAX overflow in os.path.realpath() - CVE-2025-4517 / CVE-2025-4330
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC
[AtHack 2026] Pwn challenge about telnetd CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗GitHub PoC★ 8
Privilege Escalation script for CVE-2025-4517
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC★ 2
CVE-2025-4517 (CVSS 9.4 – Critical) A vulnerability in Python's `tarfile`
Arbitrary writes via tarfile realpath overflow
48RIESGO
abrir ↗GitHub PoC★ 1
simple CVE-2017-7921 rewrite in python by me. for educational purposes only!
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir ↗GitHub PoC
CVE-2025-47812: Wing FTP Server 7.4.3 UnauthN RCE in sh
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RIESGO
abrir ↗GitHub PoC
Modified Exploit-DB proof-of-concept for CVE-2014-4688 (pfSense status_rrd_graph_img.php command injection)
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_
23RIESGO
abrir ↗GitHub PoC★ 2
Herramienta avanzada de explotación transversal de ruta de WinRAR para CVE-2025-8088
Path traversal vulnerability in WinRAR
93RIESGO
abrir ↗GitHub PoC
CVE-2024-37383 Proof of Concept
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
85RIESGO
abrir ↗GitHub PoC★ 5
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field.
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows aut
48RIESGO
abrir ↗GitHub PoC★ 12
UAF and AOP coprocessor panic in IOHIDEventServiceFastPathUserClient. No entitlements, reachable from app sandbox.
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7
33RIESGO
abrir ↗GitHub PoC
Samba 3.0.20 CVE-2007-2447 Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RIESGO
abrir ↗GitHub PoC
Домашняя работа по Pyton № 10 CVE-2020-11022 Краткое описание CVE-2020-11022 — уязвимость типа Reflected XSS (межсайтовый скриптинг), связанная с некорректной обработкой пользовательского ввода, который отражается в HTML-ответе без экранирования. Атакующий может внедрить JavaScript-код, который выполнится в браузере пользователя.
jQuery has a potential XSS vulnerability
55RIESGO
abrir ↗GitHub PoC★ 49
The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver
STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCT
33RIESGO
abrir ↗GitHub PoC
nik123-py/CVE-2025-49132_HTB_SEASON10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC★ 1
CVE-2024-34102 exploit for python3
XXE can expose crypt key and other secrets granting full admin access
100RIESGO
abrir ↗GitHub PoC★ 1
针对 Next.js 原型污染漏洞 (CVE-2025-55182) 的高效批量检测工具。
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.