Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.002exploits catalogados
31.582CVEs com exploração pública
71.002 exploits
GitHub PoC
Bartixxx32/CVE-2026-43499-OnePlus15
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46584: Apache Camel camel-mail mail.smtp.* header injection enabling credential theft via on-path SOCKS interception (fixed in 4.14.8/4.18.3/4.21.0)
CVE-2026-46584LOW14 jul 2026
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
28RISCO
abrir
GitHub PoC
JohannesLks/CVE-2026-50338
CVE-2026-50338HIGH14 jul 2026
Azure Spring Apps Elevation of Privilege Vulnerability
38RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-3864614 jul 2026
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0740CRITICAL14 jul 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46457 — Apache Camel camel-nats inbound header injection (Camel control-header injection via a NATS publisher; CamelHttpUri -> SSRF)
CVE-2026-46457HIGH14 jul 2026
Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
41RISCO
abrir
GitHub PoC3
Vulnerability analysis and Proof of Concept (PoC) for CVE-2026-43499 affecting Xiaomi devices. For educational and research purposes only.
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC1
本次个人漏洞研究进展成果
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
CVE-2026-8181 — Burst Statistics WordPress plugin Authentication Bypass (CVSS 9.8) to Admin Account Takeover. Mass scanner with FOFA/Shodan integration and modern GUI.
CVE-2026-8181CRITICAL14 jul 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC1
Mendeteksi versi (passive detection) & Exploitation CVE POC
CVE-2026-56291CRITICALsob ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISCO
abrir
GitHub PoC
nuclei template for CVE-2026-56291
CVE-2026-56291CRITICALsob ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISCO
abrir
GitHub PoC1
CVE-2026-6307 - Google Chrome V8 Turbofan Type Confusion Sandbox Escape - PoC & Analysis | CVSS 8.8 HIGH | AMN SECURITY
CVE-2026-6307HIGH13 jul 2026
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2022-2907813 jul 2026
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[
50RISCO
abrir
GitHub PoC3
Unauthenticated Arbitrary File/Folder Deletion in Joomla Helix Ultimate (JoomShaper) <= 2.2.6 — CVE-2026-57830
CVE-2026-57830HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7
41RISCO
abrir
GitHub PoC1
CVE-2026-46529 - Atril Evince XReader PDF Clickable Link RCE - PoC & Analysis | CVSS 7.8 HIGH | AMN SECURITY
CVE-2026-46529HIGH13 jul 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISCO
abrir
GitHub PoC
CVE-2026-53805 - Draft
CVE-2026-53805CRITICAL13 jul 2026
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API
48RISCO
abrir
GitHub PoC
CVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner
CVE-2026-49049HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISCO
abrir
GitHub PoC11
CVE-2026-43724 - Apple's published enough advisories about the issue, I'm not getting paid for any of my kernel bugs.
CVE-2026-43724HIGH13 jul 2026
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah
41RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46454 — Apache Camel camel-cometd inbound Bayeux header injection (unauthenticated Camel control-header injection → downstream producer steering / RCE)
CVE-2026-46454CRITICAL13 jul 2026
Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46455 — Apache Camel camel-keycloak missing TokenVerifier.IS_ACTIVE check (expired access tokens accepted)
CVE-2026-46455CRITICAL13 jul 2026
Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46456 — Apache Camel camel-aws2-sqs inbound message-attribute header injection (Camel control-header injection via sqs:SendMessage → downstream producer steering / RCE)
CVE-2026-46456CRITICAL13 jul 2026
Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-43867 — Apache Camel camel-pqc AwsSecretsManagerKeyLifecycleManager unsafe key-metadata deserialization (RCE)
CVE-2026-43867CRITICAL13 jul 2026
Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
48RISCO
abrir
GitHub PoC
Admin-only terminal bootstrap routes checked only for login state, which let a normal team member drive Coolify's realtime terminal backend and execute commands on team servers.
CVE-2026-34048CRITICAL13 jul 2026
Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers
48RISCO
abrir
VulnCheck XDB
info-leak
CVE-2023-25157CRITICAL13 jul 2026
Unfiltered SQL Injection Vulnerabilities in Geoserver
85RISCO
abrir
GitHub PoC3
Unauthenticated Stored XSS in Joomla Helix Ultimate (JoomShaper) <= 2.2.6
CVE-2026-57829HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7
41RISCO
abrir
GitHub PoC1
CVE-2026-40047 - Apache Camel Docling CLI Argument Injection - PoC & Analysis | CVSS 9.1 CRITICAL | AMN SECURITY
CVE-2026-40047CRITICAL13 jul 2026
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46453 — Apache Camel camel-elasticsearch-rest-client unprefixed-header injection (operation/query override via inbound HTTP headers)
CVE-2026-46453MEDIUM13 jul 2026
Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-56291CRITICALsob ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISCO
abrir
GitHub PoC1
CVE-2026-36214 - osTicket Stored XSS via Bootstrap Tooltip - PoC & Analysis | CVSS 8.7 HIGH | AMN SECURITY
CVE-2026-36214MEDIUM13 jul 2026
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
30RISCO
abrir
GitHub PoC
1beelze/CVE-2026-5118
CVE-2026-5118CRITICAL13 jul 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir
página 1 / 2.367próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.