Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque22 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware22 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC13
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
CVE-2026-48908CRITICAL22 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL22 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.
CVE-2026-42945CRITICAL22 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL22 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC2
Technical analysis of CVE-2026-46300 (Fragnesia), a Linux kernel page-cache write vulnerability that enables local privilege escalation through SKBFL_SHARED_FRAG invariant violations in the networking stack.
CVE-2026-46300HIGH22 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
Detection & remediation toolkit for the Miasma / Shai-Hulud worm and CVE-2026-35603 (AI-agent/IDE config injection)
CVE-2026-35603MEDIUM22 jun 2026
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
33RISCO
abrir
GitHub PoC1
sec0x/CVE-2026-48907
CVE-2026-48907CRITICALsob ataque22 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC2
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
CVE-2026-48907CRITICALsob ataque22 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
Vulnerability proof of concept reworked from https://github.com/utmost3/cve/issues/2 I take no credit for discovering the vulnerability. This is for educational and portfolio purposes only.
CVE-2026-6992HIGH22 jun 2026
Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48908CRITICAL22 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
GitHub PoC
CVE-2026-4020 - Draft
CVE-2026-4020HIGH22 jun 2026
Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API
68RISCO
abrir
GitHub PoC
drolley919/joomla-cve-2015-8562-exploit-and-linux-forensic-analysis
CVE-2015-856222 jun 2026
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbi
60RISCO
abrir
GitHub PoC5
Unauthenticated PHP Object Injection to RCE in WP Activity Log <= 5.6.3.1 (CVE-2026-54806)
CVE-2026-54806CRITICAL22 jun 2026
WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC1
Ethical, network-isolated Docker lab reproducing CVE-2026-26030 — Semantic Kernel in-memory vector store filter eval() RCE (patched in 1.39.4)
CVE-2026-26030CRITICAL22 jun 2026
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
48RISCO
abrir
GitHub PoC
POC for CVE-2026-23744 for a python revshell
CVE-2026-23744CRITICAL22 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2026-39031 — offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory.
CVE-2026-39031MEDIUM22 jun 2026
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt crede
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2022-23131CRITICALsob ataque22 jun 2026
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque22 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC1
El exploit para obtener root usado la vulnerabilidad del CVE-2021-4034 o tambien llamado PwnKit el cual permite teniendo un shell hacer una escalada de privilegios siempre y cuando la version de pkexec sea = o < que la v0.105
CVE-2021-4034HIGHsob ataque22 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
Chaelsoo/CVE-2022-23131-Wrappers
CVE-2022-23131CRITICALsob ataque22 jun 2026
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML
100RISCO
abrir
GitHub PoC
GNN-based supply chain backdoor detector for Python packages. Uses Code Property Graphs + 3-layer GCN to detect obfuscated backdoors by learning semantic data flow patterns — not just signatures. Inspired by XZ Utils (CVE-2024-3094).
CVE-2024-3094CRITICAL22 jun 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
React2Shell POC
CVE-2025-55182CRITICALsob ataqueransomware22 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
POC for CVE-2025-24054
CVE-2025-24054MEDIUMsob ataque21 jun 2026
NTLM Hash Disclosure Spoofing Vulnerability
75RISCO
abrir
GitHub PoC
POC for CVE-2025-24893
CVE-2025-24893CRITICALsob ataque21 jun 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC
JFrog AppTrust lifecycle policy enforcement demo — shows release gate blocking CVE-2022-22965 (Spring4Shell) with waiver request flow
CVE-2022-22965CRITICALsob ataque21 jun 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
GitHub PoC
POC for CVE-2025-29927
CVE-2025-29927CRITICAL21 jun 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
POC for CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware21 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Public disclosure for CVE-2026-43655 AppleM2ScalerCSCDriver use-after-free
CVE-2026-43655HIGH21 jun 2026
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macO
41RISCO
abrir
anteriorpágina 18 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.