Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC5
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
CVE-2026-46331HIGH28 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC192
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
CVE-2026-41940CRITICALsob ataqueransomware28 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Why-Shell/CVE-2026-38751
CVE-2026-38751HIGH28 jun 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CVE-2026-48908CRITICAL28 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
GitHub PoC
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
CVE-2026-23918HIGH28 jun 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
CVE-2026-49048HIGH28 jun 2026
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RISCO
abrir
GitHub PoC1
CVE-2026-12485
CVE-2026-12485CRITICAL28 jun 2026
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
48RISCO
abrir
GitHub PoC2
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH28 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
PoC for CVE-2026-5366: git argument injection in Prefect's GitRepository leading to RCE on the worker.
CVE-2026-5366CRITICAL27 jun 2026
Git Argument Injection in prefecthq/prefect
48RISCO
abrir
GitHub PoC2
Educational, defensive kit for two Linux page-cache-corruption LPEs (DirtyClone CVE-2026-43503, pedit COW CVE-2026-46331): hardening, detection, verification, seccomp + validation harness. Detection and prevention only — no exploit code. TLP:CLEAR.
CVE-2026-43503HIGH27 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC1
WP Full Stripe Free <= 8.4.3 - Missing Authorization
CVE-2026-12432MEDIUM27 jun 2026
Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter
33RISCO
abrir
GitHub PoC56
cve-2026-48907 scanner
CVE-2026-48907CRITICALsob ataque27 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
CVE-2026-48907 is a CVSS 10.0 pre-auth RCE in Joomla Content Editor affecting all versions ≤ 2.9.99.4. The Grayxploit team breaks down the 3-weakness chain — missing auth, no extension validation, and an unsafe upload flag — that lets attackers pop a shell in 3 HTTP requests.
CVE-2026-48907CRITICALsob ataque27 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
patched ffmpeg-tools for jellyfin to patch CVE-2026-8461 aka PixelSmash
CVE-2026-8461HIGH27 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
GitHub PoC105
CVE-2026-43499 PoC
CVE-2026-43499HIGH27 jun 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
SugiB3o/CVE-2026-31431
CVE-2026-31431HIGHsob ataque27 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
CVE-2026-0073-Android-ADBD-bypass-POC汉化版
CVE-2026-0073HIGH27 jun 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
CVE-2026-46331 - Draft
CVE-2026-46331HIGH27 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC
Hunt-Benito/traefik-stripprefix-auth-bypass-cve-2026-48020-path-normalization
CVE-2026-48020HIGH27 jun 2026
Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
41RISCO
abrir
GitHub PoC7
OpenSTAManager-RCE-Exploit-CVE-2026-38751
CVE-2026-38751HIGH27 jun 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
CVE-2026-34213MEDIUM26 jun 2026
Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
33RISCO
abrir
GitHub PoC4
CVE-2026-8461
CVE-2026-8461HIGH26 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
GitHub PoC
CVE-2026-54807 WooCommerce Privilege Escalation ║ ║ Unauthenticated Admin Role Assignment via Reg. Form
CVE-2026-54807CRITICAL26 jun 2026
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
A local package installation helper trusted caller-supplied package names too much. In yeoman-environment, missing generators could be installed without user confirmation, turning attacker-controlled project metadata into a package-install and code-execution path.
CVE-2026-42089HIGH26 jun 2026
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
41RISCO
abrir
GitHub PoC26
CVE-2026-46331
CVE-2026-46331HIGH26 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC1
CVE-2026-8932
CVE-2026-8932HIGH26 jun 2026
incomplete mTLS config matching in conn reuse
41RISCO
abrir
GitHub PoC
Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.
CVE-2026-45806HIGH26 jun 2026
Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url
38RISCO
abrir
GitHub PoC
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
CVE-2026-34212MEDIUM26 jun 2026
Docmost page content has stored XSS via unsanitized attachment URLs
33RISCO
abrir
GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
CVE-2026-33146MEDIUM26 jun 2026
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RISCO
abrir
GitHub PoC
Plane’s V2 asset subsystem trusted workspace slugs and asset UUIDs without enforcing the right membership checks, which let one authenticated user read, copy, delete, and overwrite assets in other workspaces.
CVE-2026-46558HIGH26 jun 2026
Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces
41RISCO
abrir
anteriorpágina 10 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.