Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
71.062 exploits
GitHub PoC
The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook URLs reach loopback, metadata, and private network targets.
CVE-2026-34207HIGH26 jun 2026
TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Validation
41RISCO
abrir
GitHub PoC
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
CVE-2026-34212MEDIUM26 jun 2026
Docmost page content has stored XSS via unsanitized attachment URLs
33RISCO
abrir
GitHub PoC15
mooder1/dirtyclone-CVE-2026-43503
CVE-2026-43503HIGH26 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL26 jun 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC
12hrformat/CVE-2026-35273-POC
CVE-2026-35273CRITICALsob ataqueransomware26 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
GitHub PoC4
CVE-2026-8461
CVE-2026-8461HIGH26 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
GitHub PoC3
CVE-2026-20251 — Splunk Secure Gateway jsonpickle deserialization RCE (CVSS 8.8) | ReactiveZero Security Research
CVE-2026-20251HIGH26 jun 2026
Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-20253CRITICALsob ataque26 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC4
aexdyhaxor/CVE-2026-43503-DirtyClone
CVE-2026-43503HIGH26 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
CVE-2026-34213MEDIUM26 jun 2026
Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
33RISCO
abrir
GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
CVE-2026-33146MEDIUM26 jun 2026
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RISCO
abrir
GitHub PoC
sec0x/CVE-2026-43503
CVE-2026-43503HIGH26 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.
CVE-2026-45806HIGH26 jun 2026
Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url
38RISCO
abrir
GitHub PoC
e-corp-demo/CVE-2026-44788
CVE-2026-44788MEDIUM26 jun 2026
SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)
33RISCO
abrir
GitHub PoC1
CVE-2026-24207 — NVIDIA Triton SageMaker auth bypass to unauth RCE. Detection script, bypass demo, RCE-chain PoC, and IDS rules.
CVE-2026-24207CRITICAL26 jun 2026
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A succes
63RISCO
abrir
GitHub PoC
Squamity/CVE-2026-8181-PoC
CVE-2026-8181CRITICAL25 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC1
W5M1n9/Cisco-Unified-Communications-Manager-Server-Side-Forgery-Request-Vulnerability-CVE-2026-20230
CVE-2026-20230HIGH25 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISCO
abrir
VulnCheck XDB
local
CVE-2016-5195HIGHsob ataque25 jun 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISCO
abrir
GitHub PoC24
CVE-2026-43503
CVE-2026-43503HIGH25 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
7whyex/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALsob ataqueransomware25 jun 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC1
CVE-2026-7574
CVE-2026-7574HIGH25 jun 2026
Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-20198CRITICALsob ataque25 jun 2026
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-8110HIGHsob ataque25 jun 2026
File overwrite in file update API in Gogs
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL25 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-20230HIGH25 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISCO
abrir
VulnCheck XDB
local
CVE-2025-61155MEDIUM25 jun 2026
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-29441HIGH25 jun 2026
Authentication bypass
78RISCO
abrir
GitHub PoC
POC of CVE-2026-53075
CVE-2026-53075HIGH25 jun 2026
ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
41RISCO
abrir
GitHub PoC1
Proof of concept for CVE-2026-56111, an out-of-bounds write in the M421 G-code handler of Marlin Firmware
CVE-2026-56111HIGH24 jun 2026
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RISCO
abrir
GitHub PoC1
Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter | Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover
CVE-2026-12416CRITICAL24 jun 2026
Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter
48RISCO
abrir
anteriorpágina 15 / 2.369próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.