Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
CVE-2026-23631-Draft
CVE-2026-23631MEDIUM04 jun 2026
redis-server Lua use-after-free may allow remote code execution
33RISCO
abrir
GitHub PoC1
Detect-only scanner for CVE-2026-42945 (NGINX Rift), a heap overflow in ngx_http_rewrite_module. Version detection + nginx.conf pattern analysis. Python 3 stdlib-only, no network calls.
CVE-2026-42945CRITICAL04 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
PoC CVE-2026-8732 (WP Maps Pro <= 6.1.0)
CVE-2026-8732CRITICAL04 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC
Piotnet Forms Pro <= 2.1.40 - Unauthenticated Arbitrary File Upload → RCE
CVE-2026-4883CRITICAL04 jun 2026
Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir
GitHub PoC
YellowKey | BitLocker Bypass Vulnerability (CVE-2026-45585)
CVE-2026-45585MEDIUM04 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC13
Attack surface in the real-world environment of CVE-2026-41096
CVE-2026-41096CRITICAL04 jun 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-35904 / CVE-2026-35905 / CVE-2026-35906 — Unauth RCE, Hardcoded Root Creds & Telnet Enable in T3 Technology CPE
CVE-2026-35904CRITICAL04 jun 2026
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, an
48RISCO
abrir
GitHub PoC2
Proof of Concept (PoC) exploit for CVE-2026-6815: Authenticated Path Traversal & Arbitrary File Write in Casdoor (< 3.54.1) leading to RCE/DoS.
CVE-2026-6815MEDIUM04 jun 2026
CVE-2026-6815
33RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-34234-Lab
CVE-2026-34234CRITICAL04 jun 2026
CtrlPanel: Unauthenticated RCE using installer script
48RISCO
abrir
GitHub PoC9
strivepan/ActiveMQ-cve-2026-42588-scanner-gui
CVE-2026-42588HIGH04 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISCO
abrir
GitHub PoC14
CVE-2026-41089 是 Windows Netlogon 服务中一个关键的远程代码执行漏洞,单包即可崩溃 lsass.exe,导致域控制器在约 30-60 秒内重启。此期间该 DC 的所有域认证将失败。
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC6
Este repositorio contiene un Proof of Concept (POC) para CVE-2026-49975, también conocida como HTTP/2 Bomb, una vulnerabilidad de denegación de servicio (DoS) remoto que afecta a la mayoría de los servidores web principales en su configuración HTTP/2 predeterminada, incluyendo:
CVE-2026-49975HIGH03 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
CVE-2026-47423HIGH03 jun 2026
DOMPurify XSS via `selectedcontent` re-clone
41RISCO
abrir
GitHub PoC1
Rocket.Chat OAuth2 NoSQL Injection
CVE-2026-29198CRITICAL03 jun 2026
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability c
48RISCO
abrir
GitHub PoC1
Add go CVE-2026-46300 (Fragnesia) local privilege escalation exploit
CVE-2026-46300HIGH03 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC3
Bulk scanning + one-click vulnerability exploitation
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISCO
abrir
GitHub PoC
CVE-2026-27145 - Draft
CVE-2026-27145MEDIUM03 jun 2026
Inefficient candidate hostname parsing in crypto/x509
33RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-54088-poc
CVE-2026-54088CRITICAL03 jun 2026
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
48RISCO
abrir
GitHub PoC1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
CVE-2026-43284HIGH03 jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC3
Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attackers establish unauthorized VPN connections, exploit requires network access to the portal or gateway.
CVE-2026-0257HIGHsob ataque03 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305.
CVE-2026-10187CRITICAL03 jun 2026
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
48RISCO
abrir
GitHub PoC1
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
CVE-2026-31431HIGHsob ataque03 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
这是一个用于防御巡检的 CVE-2026-41089 检测脚本。该漏洞是 Microsoft 在 2026 年 5 月安全更新中披露的 Windows Netlogon 远程代码执行漏洞。
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
CVE-2026-9256CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC13
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC1
CVE-2025-48595 - Draft
CVE-2025-48595HIGHsob ataque03 jun 2026
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to
71RISCO
abrir
GitHub PoC
lowilol/CVE-2026-42945-NGINX-Rift-Check-Script
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
CVE-2026-46243HIGH03 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
GitHub PoC1
Real-World Simulation: FTP Service Exploitation (ProFTPD CVE-2015-3306)
CVE-2015-330603 jun 2026
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISCO
abrir
anteriorpágina 25 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.