Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC
CVE-2026-39813 - Fortinet Sandbox - Draft
CVE-2026-39813CRITICAL17 jun 2026
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.
53RISCO
abrir
GitHub PoC3
CVE-2026-36425 OPSWAT AppRemover (ardrv.sys) improper access control advisory
CVE-2026-36425MEDIUM17 jun 2026
An issue in OPSWAT AppRemover Driver (ardrv.sys) v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user
30RISCO
abrir
VulnCheck XDB
local
CVE-2021-3156HIGHsob ataque17 jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC
CVE-2026-5415 WP Captcha PRO Authenticated Authentication Bypass Exploit
CVE-2026-5415HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
CVE-2026-45777 PoC
CVE-2026-45777CRITICAL17 jun 2026
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RISCO
abrir
GitHub PoC
CVE-2026-39808 - Fortinet Sandbox - Draft
CVE-2026-39808CRITICALsob ataque17 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-3442717 jun 2026
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessibl
50RISCO
abrir
GitHub PoC
CVE-2026-49079 JetSearch SQL Injection Exploit
CVE-2026-49079CRITICAL17 jun 2026
WordPress JetSearch plugin <= 3.5.17 - SQL Injection vulnerability
48RISCO
abrir
GitHub PoC2
Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
CVE-2026-49952CRITICAL17 jun 2026
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-44228CRITICALsob ataqueransomware17 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALsob ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir
GitHub PoC
CVE-2026-7465 Spectra Gutenberg Blocks Authenticated RCE Exploit
CVE-2026-7465HIGH17 jun 2026
Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes
41RISCO
abrir
GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
CVE-2026-7459HIGH17 jun 2026
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RISCO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
This is an exploit poc for CVE-2026-4480
CVE-2026-4480CRITICAL16 jun 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISCO
abrir
GitHub PoC5
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
CVE-2026-45585MEDIUM16 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
CVE-2026-50751 Mass Scanner
CVE-2026-50751CRITICALsob ataqueransomware16 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-49844CRITICAL16 jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
VulnCheck XDB
info-leak
CVE-2024-23897CRITICALsob ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMsob ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALsob ataqueransomware16 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-54686-poc
CVE-2026-54686MEDIUM16 jun 2026
Warp: DCS lifecycle hook spoofing can alter terminal session metadata
33RISCO
abrir
VulnCheck XDB
info-leak
CVE-2025-49132CRITICAL16 jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
CVE-2017-7269CRITICALsob ataque16 jun 2026
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
GitHub PoC
0xdak/CVE-2026-44881_exploit
CVE-2026-44881HIGH16 jun 2026
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RISCO
abrir
GitHub PoC8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
CVE-2026-52943HIGH16 jun 2026
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RISCO
abrir
GitHub PoC
CVE-2025-30208 exploit script
CVE-2025-30208MEDIUM16 jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
GitHub PoC
CVE-2025-49844 exploit script
CVE-2025-49844CRITICAL16 jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
GitHub PoC1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
CVE-2025-49132CRITICAL16 jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
anteriorpágina 23 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.