Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
71.062 exploits
GitHub PoC
CVE-2026-22874 writeup: incomplete SSRF allow-list in Gitea webhook/migration (IPv6 transition and cloud metadata). Fixed in Gitea 1.26.3.
CVE-2026-22874CRITICAL04 jul 2026
Gitea webhook and migration allow-list filtering permits SSRF
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-5524CRITICAL04 jul 2026
Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter
48RISCO
abrir
GitHub PoC
Python & template nuclei
CVE-2026-48907CRITICALsob ataque04 jul 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-34197HIGHsob ataque04 jul 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
GitHub PoC5
Apache ActiveMQ Classic RCE research: CVE-2026-34197 / CVE-2026-42588 bypass chain + hardened-6.2.6 audit findings + Crowdfense comparison
CVE-2026-34197HIGHsob ataque04 jul 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-56290CRITICAL04 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL04 jul 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC3
CVE-2026-54998 RCE Exploit
CVE-2026-54998HIGH04 jul 2026
Microsoft Exchange Online Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC5
☄️ Mass reconnaissance & exploitation framework for Apache Solr CVE-2026-44825 — Velocity template injection to RCE
CVE-2026-44825HIGH03 jul 2026
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
41RISCO
abrir
GitHub PoC1
# CVE-2026-28995 Proof of Concept for CVE-2026-28995 — Path Traversal vulnerability in App Intents on iOS 26.4.2 and below.
CVE-2026-28995HIGH03 jul 2026
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 an
41RISCO
abrir
GitHub PoC
Pardus Software Local Privilege Escalation PoC - affected from <= 1.0.4
CVE-2026-14459HIGH03 jul 2026
Argument Injection in TUBITAK BILGEM's pardus-software
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-8451HIGH03 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
GitHub PoC
CVE-2026-49468 — LiteLLM (<1.84.0) unauthenticated auth bypass via Host-header route confusion. PoC + docker lab.
CVE-2026-49468CRITICAL03 jul 2026
LiteLLM: Authentication Bypass via Host Header Injection
48RISCO
abrir
GitHub PoC
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
CVE-2026-53753CRITICAL03 jul 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISCO
abrir
GitHub PoC2
CVE-2026-8451
CVE-2026-8451HIGH03 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
GitHub PoC1
Page Builder CK for Joomla - Unauthenticated SSRF / Remote File Write leading to PHP execution Exploiter
CVE-2026-56290CRITICAL03 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir
GitHub PoC1
1beelze/CVE-2026-11387
CVE-2026-11387CRITICAL03 jul 2026
SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-12615HIGHsob ataqueransomware03 jul 2026
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisati
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2024-1561HIGH03 jul 2026
Arbitrary Local File Read via Component Method Invocation in gradio-app/gradio
56RISCO
abrir
GitHub PoC
FzRsLLaSheR/CVE-2026-12166_CVE-2026-12167_CVE-2026-12168
CVE-2026-12166MEDIUM02 jul 2026
CVE-2026-12166
33RISCO
abrir
GitHub PoC6
SimpleHelp OIDC Authentication Bypass PoC
CVE-2026-48558CRITICAL02 jul 2026
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque02 jul 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-52813CRITICAL02 jul 2026
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISCO
abrir
GitHub PoC1
Proof of concept for CVE-2026-36027 and CVE-2026-36028
CVE-2026-36027MEDIUM02 jul 2026
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via
33RISCO
abrir
GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
CVE-2026-38751HIGH02 jul 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC
Crawl4AI <= 0.8.6 pre-auth RCE via AST sandbox escape (gi_frame.f_back.f_builtins chain) — CVSS 10.0
CVE-2026-53753CRITICAL02 jul 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISCO
abrir
GitHub PoC1
kaleth4/CVE-2026-20896
CVE-2026-20896CRITICAL02 jul 2026
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISCO
abrir
GitHub PoC
kaleth4/CVE-2026-55200
CVE-2026-55200CRITICAL02 jul 2026
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir
GitHub PoC
attarwahyup/Netscaler-CVE-2026-8451
CVE-2026-8451HIGH02 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
GitHub PoC
Hunt-Benito/llama-factory-webui-rce-cve-2026-58116-trust-remote-code-model-path-injection
CVE-2026-58116CRITICAL02 jul 2026
LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
48RISCO
abrir
anteriorpágina 10 / 2.369próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.