Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHsob ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC1
CVE-2026-40369
CVE-2026-40369HIGH18 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
CVE-2026-3359HIGH18 jun 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RISCO
abrir
GitHub PoC7
CVE-2026-50656
CVE-2026-50656HIGH18 jun 2026
Microsoft Defender Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
Reproduction lab for CVE-2026-54316 (Claude Code WebFetch huggingface.co bare-hostname permission bypass / exfiltration)
CVE-2026-54316MEDIUM18 jun 2026
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
33RISCO
abrir
GitHub PoC
Store vulnerability POC files including CVE-2026-42588 Spring RCE xml payload
CVE-2026-42588HIGH18 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISCO
abrir
GitHub PoC9
0xCyberstan/CVE-2026-46215-POC
CVE-2026-46215HIGH18 jun 2026
drm: Set old handle to NULL before prime swap in change_handle
41RISCO
abrir
GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
CVE-2026-42208CRITICALsob ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC1
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALsob ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALsob ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHsob ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
GitHub PoC
CVE‑2024‑20399 - Draft
CVE-2024-20399MEDIUMsob ataque17 jun 2026
Cisco NX-OS Software CLI Command Injection Vulnerability
63RISCO
abrir
GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
CVE-2026-7654HIGH17 jun 2026
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RISCO
abrir
GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
CVE-2026-8206CRITICAL17 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir
GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
CVE-2026-46331HIGH17 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
CVE-2026-49104CRITICAL17 jun 2026
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
CVE-2026-42758CRITICAL17 jun 2026
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
CVE-2026-49085CRITICAL17 jun 2026
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RISCO
abrir
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALsob ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir
GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISCO
abrir
GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
CVE-2026-7459HIGH17 jun 2026
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RISCO
abrir
anteriorpágina 15 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.