Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC
Time-Based Blind SQL Injection tool for MySQL - CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC
Technical analysis of Apache Tomcat CVE-2024-50379, covering root cause, exploitation conditions, detection strategies, and mitigation techniques.
Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
60RISCO
abrir ↗GitHub PoC
ClearLotus-git/CVE-2026-4480-PoC
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISCO
abrir ↗GitHub PoC★ 1
GadaLuBau1337/CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir ↗GitHub PoC
aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir ↗GitHub PoC
CVE-2026-7515: BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion TO RCE EXPLOİT
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISCO
abrir ↗GitHub PoC
AlexMihailEngineer/CVE-2026-11784-Optimole-CSRF
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action
33RISCO
abrir ↗GitHub PoC
Повышение привилегий через race condition в polkit
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir ↗GitHub PoC★ 2
ptd200110/CVE-2024-27198-SOC-Lab
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated Privilege Escalation via Account Takeover
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISCO
abrir ↗GitHub PoC★ 4
Scanner PoC for CVE-2026-42530 -- nginx 1.31.0-1.31.1 HTTP/3 QPACK encoder stream Use-After-Free (CVSS 9.2)
NGINX Open-Source ngx_http_v3_module vulnerability
48RISCO
abrir ↗GitHub PoC
PoC for CVE-2022-0543 – Redis Remote Code Execution (RCE)
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RISCO
abrir ↗GitHub PoC★ 2
POC for CVE-2026-25212
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileg
48RISCO
abrir ↗GitHub PoC
Exploitability PoC for CVE-2026-43515 (Apache Tomcat constraint bypass).
Apache Tomcat: Security constraints not correctly applied
48RISCO
abrir ↗GitHub PoC
Saku0512/CVE-2026-54761-poc
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
33RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-10520 - CVE-2026-10523 - Ivanti Sentry
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow
60RISCO
abrir ↗GitHub PoC
CVE-2026-11551: Branda Plugin - Unauthenticated Privilege Escalation via Account Takeover
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISCO
abrir ↗GitHub PoC★ 6
PoC exploit for CVE-2023-6019 - Remote Code Execution via unauthenticated Ray Dashboard Jobs API.
Ray Command Injection in cpu_profile Parameter
85RISCO
abrir ↗GitHub PoC
CVE-2026-42055 - Draft
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2026-48611- authentication bypass in phpBB
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir ↗GitHub PoC
xxconi/CVE-2026-4782
Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter
33RISCO
abrir ↗GitHub PoC
CVE-2025-6254 — Doctreat Core <= 1.6.8 — Unauthenticated Privilege Escalation
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RISCO
abrir ↗GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC
Store vulnerability POC files including CVE-2026-42588 Spring RCE xml payload
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISCO
abrir ↗GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated Local File Inclusion
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISCO
abrir ↗GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.