Explotación pública

Catálogo de exploits

Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.

71.002exploits catalogados
31.582CVEs con explotación pública
22.467 exploits
Exploit-DB
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
CVE-2026-56290CRITICAL08 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RIESGO
abrir
Exploit-DB
Krayin CRM v2.2.x - Authenticated Remote Code Execution
CVE-2026-38526CRITICAL08 jul 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir
Exploit-DB
Tenable Nessus 10.12.1 - SQL Injection
CVE-2026-57588LOW07 jul 2026
SQL Injection in Nessus via Malicious Scan Result File Import
28RIESGO
abrir
Exploit-DB
Discuz! X5.0 - Authentication Bypass
CVE-2026-49952CRITICAL07 jul 2026
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RIESGO
abrir
Exploit-DB
Hydra - Stack Buffer Overflow
CVE-2026-56766HIGH07 jul 2026
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RIESGO
abrir
Exploit-DB
Flowise 3.1.3 - arbitrary code execution
CVE-2026-58057LOW07 jul 2026
Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
28RIESGO
abrir
Exploit-DB
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
CVE-2026-49069HIGH06 jul 2026
WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir
Exploit-DB
Joomla Extension 4.1.4 - PHP Object injection
CVE-2026-48909CRITICAL06 jul 2026
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RIESGO
abrir
Exploit-DB
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
CVE-2026-36213HIGH06 jul 2026
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.e
41RIESGO
abrir
Exploit-DB
KeepInMind 0.8.4.2 - Stored XSS
CVE-2026-9271MEDIUM06 jul 2026
KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
33RIESGO
abrir
Exploit-DB
Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
CVE-2026-44225CRITICAL06 jul 2026
Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
48RIESGO
abrir
Exploit-DB
OpenEMR 7.0.2 - Arbitrary File Read
CVE-2026-24849CRITICAL08 jun 2026
OpenEMR Arbitrary File Read Vulnerability
48RIESGO
abrir
Exploit-DB
WordPress OrderConvo 14 - Path Traversal
CVE-2025-10162HIGH01 jun 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RIESGO
abrir
Exploit-DB
Drupal Core 10.5.5 - Error-Based SQL Injection
CVE-2026-9082CRITICALbajo ataque01 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RIESGO
abrir
Exploit-DB
Notepad++ 8.9.6 - Arbitrary Code Execution
CVE-2026-48778HIGH30 may 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RIESGO
abrir
Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
CVE-2026-42568MEDIUM30 may 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RIESGO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGH29 may 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RIESGO
abrir
Exploit-DB
MikroORM 7.0.13 - SQL Injection
CVE-2026-44680HIGH29 may 2026
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RIESGO
abrir
Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
CVE-2026-0926CRITICAL29 may 2026
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGH29 may 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RIESGO
abrir
Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46522HIGH29 may 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RIESGO
abrir
Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
CVE-2026-34473HIGH29 may 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RIESGO
abrir
Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
CVE-2026-34474HIGH29 may 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RIESGO
abrir
Exploit-DB
Microsoft - NTLMv2 Hash Capture
CVE-2026-32202MEDIUMbajo ataque29 may 2026
Windows Shell Spoofing Vulnerability
75RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGH29 may 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RIESGO
abrir
Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CVE-2026-44376MEDIUM29 may 2026
CubeCart: Reflected XSS in Store Search Bar
33RIESGO
abrir
Exploit-DB
Langflow 1.3.0 - Remote Code Execution
CVE-2026-0770CRITICAL29 may 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RIESGO
abrir
Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
CVE-2026-42471HIGH29 may 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RIESGO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGH29 may 2026
net: skbuff: preserve shared-frag marker during coalescing
41RIESGO
abrir
Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
CVE-2026-1830CRITICAL29 may 2026
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RIESGO
abrir
página 1 / 749siguiente

Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.