Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.114 exploits
GitHub PoC
CVE-2026-49104 Integration for Keap/Infusionsoft PHP Object Injection Exploit
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
48RISCO
abrir ↗GitHub PoC
87achrafg-stack/CVE-2026-49083
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISCO
abrir ↗GitHub PoC
CVE-2026-8206 Kirki Plugin Unauthenticated Account Takeover Exploit
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir ↗GitHub PoC
CVE-2026-49085 WP Insightly PHP Object Injection Exploit
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2026-5415 WP Captcha PRO Authenticated Authentication Bypass Exploit
WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
41RISCO
abrir ↗GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RISCO
abrir ↗GitHub PoC
CVE-2026-7465 Spectra Gutenberg Blocks Authenticated RCE Exploit
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RISCO
abrir ↗GitHub PoC
CVE-2026-5411 WP Captcha PRO
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RISCO
abrir ↗GitHub PoC
CVE-2026-45777 PoC
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RISCO
abrir ↗GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RISCO
abrir ↗GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RISCO
abrir ↗GitHub PoC★ 133
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir ↗GitHub PoC
CVE-2026-42758 WebinarIgnition Exploit
WordPress WebinarIgnition plugin < 4.08.253 - Privilege Escalation vulnerability
48RISCO
abrir ↗VulnCheck XDB
initial-access
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC
CVE-2026-49083 LatePoint Calendar Booking Plugin Privilege Escalation Exploit
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISCO
abrir ↗VulnCheck XDB
initial-access
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RISCO
abrir ↗GitHub PoC★ 2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISCO
abrir ↗GitHub PoC
mandeepsohal/CVE-2025-66391
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RISCO
abrir ↗GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir ↗GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-36425 OPSWAT AppRemover (ardrv.sys) improper access control advisory
An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user
30RISCO
abrir ↗GitHub PoC
d4ngkh04w/CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISCO
abrir ↗GitHub PoC
CVE‑2024‑20399 - Draft
Cisco NX-OS Software CLI Command Injection Vulnerability
63RISCO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) 보안 실습 환경 - Log4j 2.14.1 취약 로그 수집 서버
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗VulnCheck XDB
initial-access
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗VulnCheck XDB
initial-access
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir ↗VulnCheck XDB
local
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir ↗GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.