Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC
Proof of Concept of CVE-2026-38526 in Krayin CRM <= v2.2.x. Arbitrary File Upload leading to Remote Code Execution
CVE-2026-38526CRITICAL24 jun 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-22205CRITICALsob ataqueransomware24 jun 2026
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque24 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-42013CRITICALsob ataqueransomware24 jun 2026
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-58034MEDIUMsob ataque24 jun 2026
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vul
90RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware24 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
CVE-2026-48908
CVE-2026-48908CRITICAL24 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2019-023223 jun 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2020-11651CRITICALsob ataque23 jun 2026
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
GitHub PoC3
Proof of Concept (PoC) for the TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834)
CVE-2026-11834HIGH23 jun 2026
Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
41RISCO
abrir
GitHub PoC1
A minimal PoC for CVE-2026-21018, demonstrating how it works
CVE-2026-21018MEDIUM23 jun 2026
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
33RISCO
abrir
GitHub PoC
Fuzzing the Microsoft Windows DNS client library. Inspired by CVE-2026-41096.
CVE-2026-41096CRITICAL23 jun 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC
mythicaltree/CVE-2019-2215
CVE-2019-2215HIGHsob ataque23 jun 2026
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
GitHub PoC
CVE-2026-40369本地权限提升漏洞exp
CVE-2026-40369HIGH23 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
Public advisory for CVE-2026-39253, addressing an insecure deserialisation in Pivotal CRM 6.6.04.08 allowing remote code execution via unsafe BinaryFormatter usage in Smart Client and PBS components. Includes vulnerability details, affected versions, and remediation guidance.
CVE-2026-39253HIGH23 jun 2026
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll a
41RISCO
abrir
GitHub PoC2
This repository contains the Proof of Concept (PoC) exploit script for CVE-2026-45156
CVE-2026-45156HIGH23 jun 2026
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
41RISCO
abrir
GitHub PoC1
CVE-2026-11837: local privilege escalation in the ansible.posix authorized_key module via symlink-following chown. Technical writeup; sibling of CVE-2024-9902.
CVE-2026-11837HIGH23 jun 2026
Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
41RISCO
abrir
GitHub PoC
eliHiHo/portfolio-drupal-cve-2026-9082
CVE-2026-9082CRITICALsob ataque23 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-41773HIGHsob ataqueransomware23 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC10
CVE-2026-55200
CVE-2026-55200CRITICAL23 jun 2026
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir
GitHub PoC10
CVE-2026-42978 — Use-After-Free race condition in Windows Push Notifications (WpnService). Patch diff, root cause analysis, TOCTOU lab, Sysmon/ETW detection rules.
CVE-2026-42978HIGH23 jun 2026
Windows Push Notifications Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
s1lentf00thold/CVE-2020-11651-Poc
CVE-2020-11651CRITICALsob ataque23 jun 2026
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir
GitHub PoC
Apache Tomcat CGI Servlet RCE (Windows) — Educational PoC
CVE-2019-023223 jun 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir
GitHub PoC
fuchiuebusi-lab/nginx-ui-CVE-2026-42221-CVE-2026-42238-
CVE-2026-42221HIGH23 jun 2026
nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
41RISCO
abrir
GitHub PoC7
anyanything/CVE-2026-8461-PoC
CVE-2026-8461HIGH23 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
VulnCheck XDB
client-side
CVE-2024-21413CRITICALsob ataque23 jun 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Prueba de concepto de CVE-2021-41773
CVE-2021-41773HIGHsob ataqueransomware23 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
VulnCheck XDB
local
CVE-2019-2215HIGHsob ataque23 jun 2026
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque22 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
React2Shell POC
CVE-2025-55182CRITICALsob ataqueransomware22 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
anteriorpágina 17 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.