Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
CVE-2025-30208 exploit script
CVE-2025-30208MEDIUM16 jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMsob ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISCO
abrir
GitHub PoC4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
CVE-2026-45585MEDIUM16 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
CVE-2025-55182CRITICALsob ataqueransomware16 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC62
CVE-2026-41940 exploitation proof-of-concept project
CVE-2026-41940CRITICALsob ataqueransomware16 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHsob ataqueransomware15 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
CVE-2026-49160HIGH15 jun 2026
HTTP.sys Denial of Service Vulnerability
53RISCO
abrir
GitHub PoC
testing
CVE-2026-0257HIGHsob ataque15 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALsob ataqueransomware15 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
CVE-2026-48849MEDIUM15 jun 2026
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RISCO
abrir
GitHub PoC2
DylanZahedi/CVE-2026-9277
CVE-2026-9277CRITICAL15 jun 2026
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
CVE-2026-10795HIGH15 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir
GitHub PoC3
PoC exploit for CVE-2026-53519.
CVE-2026-53519CRITICAL15 jun 2026
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RISCO
abrir
GitHub PoC
Research and analysis of the ServiceNow Virtual Agent vulnerability (CVE-2025-12420), including attack flow, MITRE ATT&CK mapping, detection strategies, and mitigation recommendations.
CVE-2025-12420CRITICAL15 jun 2026
Unauthenticated Privilege Escalation in ServiceNow AI Platform
60RISCO
abrir
GitHub PoC
ikarolaborda/CVE-2026-40176
CVE-2026-40176HIGH15 jun 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISCO
abrir
GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812CRITICAL15 jun 2026
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RISCO
abrir
GitHub PoC
ElianGonzi00/CVE-2025-2783
CVE-2025-2783HIGHsob ataque15 jun 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALsob ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISCO
abrir
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHsob ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALsob ataque14 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHsob ataque14 jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISCO
abrir
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHsob ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISCO
abrir
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 jun 2026
Unbounded resend loop in BIND 9 resolver
33RISCO
abrir
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 jun 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RISCO
abrir
anteriorpágina 17 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.