Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.622exploits catalogados
32.030CVEs con explotación pública
1932probados en laboratorio
TodosExploit-DB 22.786Referência 19.896GitHub PoC 13.187VulnCheck XDB 8100Nuclei 4191Metasploit 3462✓ solo verificadosrecientespopularesriesgo
13.187 exploits
GitHub PoC★ 3
PoC exploit for CVE-2025-49132 (GHSA-24wv-6c99-f843) – Unauthenticated Remote Code Execution in Pterodactyl Panel ≤ 1.11.10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC★ 1
This script exploits Remote Code Execution vulnerability in Pterodactyl Panel < 1.11.11
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
Cisco iOS SNMP Overflow Exploit Toolkit (CVE-2017-6736)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RIESGO
abrir ↗GitHub PoC
Ahmedf000/CVE-2025-49132_HTB_SEASON10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RIESGO
abrir ↗GitHub PoC
PowerShell remediation for CVE-2013-3900 (WinVerifyTrust) / Tenable Plugin 166555 using EnableCertPaddingCheck.
WinVerifyTrust Signature Validation Vulnerability
75RIESGO
abrir ↗GitHub PoC
This is a modified version of the time-based SQL injection exploit for CMS Made Simple <= 2.2.9. The exploit was originally created by Daniele Scanu and has been updated for better compatibility and modern Python practices.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RIESGO
abrir ↗GitHub PoC
CVE-2025-62215 exploit development using Claude Code Agent Team
Windows Kernel Elevation of Privilege Vulnerability
71RIESGO
abrir ↗GitHub PoC★ 1
Ni8mare, n8n RCE
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RIESGO
abrir ↗GitHub PoC
Wise-Security/CVE-2025-69599
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH e
48RIESGO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-61882-Oracle-BI-Publisher-RCE
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RIESGO
abrir ↗GitHub PoC★ 3
CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework
Adobe Experience Manager | Incorrect Authorization (CWE-863)
100RIESGO
abrir ↗GitHub PoC
Laboratorio criado para PenTest da Vuln CVE 2024-214113(MONIKER LINK).
Microsoft Outlook Remote Code Execution Vulnerability
100RIESGO
abrir ↗GitHub PoC★ 1
Enumeration tool for CVE-2024-45440
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash
48RIESGO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-59470-PostgreSQL-Command-Injection
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a mal
48RIESGO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE
Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
71RIESGO
abrir ↗GitHub PoC
bixiPRO/Drupalgeddon2-CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RIESGO
abrir ↗GitHub PoC
RCE on Next 16.0.6
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-55182-React2Shell-CVSS-10.0-
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗GitHub PoC★ 1
CVE-2025-49132: Pterodactyl Panel UnauthN LFI to RCE (w/ pearcmd) in posix sh
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
bananoname/CVE-2024-6386-WPML-SSTI
WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
53RIESGO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-8110-Gogs-Remote-Code-Execution
File overwrite in file update API in Gogs
100RIESGO
abrir ↗GitHub PoC★ 3
George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perfor
76RIESGO
abrir ↗GitHub PoC
faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RIESGO
abrir ↗GitHub PoC
CVE-2025-9074: Docker Desktop LPE via Docker Engine API wo/ AuthN in posix sh
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RIESGO
abrir ↗GitHub PoC★ 1
This repo contains RCE exploit for Pterodactyl htb machine
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RIESGO
abrir ↗GitHub PoC
HikVision Auth Bypass CVE, tool is able to extract credentials, and take snapshots based on magic cookie or supplied credentials.
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RIESGO
abrir ↗GitHub PoC★ 1
IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.
Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
71RIESGO
abrir ↗GitHub PoC
Proof-of-concept exploit for CVE-2017-12542, an authentication bypass vulnerability in HP iLO. Allows vulnerability detection and unauthorized account creation on affected systems
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.