Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
87achrafg-stack/CVE-2026-49083
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISCO
abrir
GitHub PoC
CVE-2026-5411 WP Captcha PRO
CVE-2026-5411HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RISCO
abrir
GitHub PoC
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
CVE-2021-44228CRITICALsob ataqueransomware17 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RISCO
abrir
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
CVE-2026-49104CRITICAL17 jun 2026
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
CVE-2026-49085CRITICAL17 jun 2026
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-48907
CVE-2026-48907CRITICALsob ataque17 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
CVE-2026-39808CRITICAL17 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
75RISCO
abrir
GitHub PoC
d4ngkh04w/CVE-2020-7961
CVE-2020-7961CRITICALsob ataque17 jun 2026
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISCO
abrir
GitHub PoC
CVE-2026-39813 - Fortinet Sandbox - Draft
CVE-2026-39813CRITICAL17 jun 2026
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.
53RISCO
abrir
GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC132
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
CVE-2026-46331HIGH17 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
CVE-2026-49952CRITICAL17 jun 2026
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISCO
abrir
GitHub PoC1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
CVE-2025-49132CRITICAL16 jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
CVE-2025-55182CRITICALsob ataqueransomware16 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
CVE-2025-49844 exploit script
CVE-2025-49844CRITICAL16 jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
GitHub PoC8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
CVE-2026-52943HIGH16 jun 2026
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RISCO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
This is an exploit poc for CVE-2026-4480
CVE-2026-4480CRITICAL16 jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISCO
abrir
GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
CVE-2017-7269CRITICALsob ataque16 jun 2026
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
CVE-2024-23897CRITICALsob ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
CVE-2026-47101HIGH16 jun 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMsob ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISCO
abrir
GitHub PoC62
CVE-2026-41940 exploitation proof-of-concept project
CVE-2026-41940CRITICALsob ataqueransomware16 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
anteriorpágina 16 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.