Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC
CVE-2026-23631-Draft
redis-server Lua use-after-free may allow remote code execution
33RISCO
abrir ↗GitHub PoC★ 1
Detect-only scanner for CVE-2026-42945 (NGINX Rift), a heap overflow in ngx_http_rewrite_module. Version detection + nginx.conf pattern analysis. Python 3 stdlib-only, no network calls.
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
PoC CVE-2026-8732 (WP Maps Pro <= 6.1.0)
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir ↗GitHub PoC
Piotnet Forms Pro <= 2.1.40 - Unauthenticated Arbitrary File Upload → RCE
Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir ↗GitHub PoC
YellowKey | BitLocker Bypass Vulnerability (CVE-2026-45585)
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC★ 13
Attack surface in the real-world environment of CVE-2026-41096
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2026-35904 / CVE-2026-35905 / CVE-2026-35906 — Unauth RCE, Hardcoded Root Creds & Telnet Enable in T3 Technology CPE
Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, an
48RISCO
abrir ↗GitHub PoC★ 2
Proof of Concept (PoC) exploit for CVE-2026-6815: Authenticated Path Traversal & Arbitrary File Write in Casdoor (< 3.54.1) leading to RCE/DoS.
CVE-2026-6815
33RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-34234-Lab
CtrlPanel: Unauthenticated RCE using installer script
48RISCO
abrir ↗GitHub PoC★ 9
strivepan/ActiveMQ-cve-2026-42588-scanner-gui
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISCO
abrir ↗GitHub PoC★ 14
CVE-2026-41089 是 Windows Netlogon 服务中一个关键的远程代码执行漏洞,单包即可崩溃 lsass.exe,导致域控制器在约 30-60 秒内重启。此期间该 DC 的所有域认证将失败。
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC★ 6
Este repositorio contiene un Proof of Concept (POC) para CVE-2026-49975, también conocida como HTTP/2 Bomb, una vulnerabilidad de denegación de servicio (DoS) remoto que afecta a la mayoría de los servidores web principales en su configuración HTTP/2 predeterminada, incluyendo:
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir ↗GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
DOMPurify XSS via `selectedcontent` re-clone
41RISCO
abrir ↗GitHub PoC★ 1
Rocket.Chat OAuth2 NoSQL Injection
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability c
48RISCO
abrir ↗GitHub PoC★ 1
Add go CVE-2026-46300 (Fragnesia) local privilege escalation exploit
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC★ 3
Bulk scanning + one-click vulnerability exploitation
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC★ 1
PoC of CVE-2026-49943
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISCO
abrir ↗GitHub PoC
Saku0512/CVE-2026-54088-poc
File Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)
48RISCO
abrir ↗GitHub PoC★ 1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC★ 3
Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attackers establish unauthorized VPN connections, exploit requires network access to the portal or gateway.
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC
A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305.
Totolink N300RH Web Management wireless.so setWiFiBasicConfig stack-based overflow
48RISCO
abrir ↗GitHub PoC★ 1
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
这是一个用于防御巡检的 CVE-2026-41089 检测脚本。该漏洞是 Microsoft 在 2026 年 5 月安全更新中披露的 Windows Netlogon 远程代码执行漏洞。
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir ↗GitHub PoC★ 13
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC★ 1
CVE-2025-48595 - Draft
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to
71RISCO
abrir ↗GitHub PoC
lowilol/CVE-2026-42945-NGINX-Rift-Check-Script
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir ↗GitHub PoC★ 1
Real-World Simulation: FTP Service Exploitation (ProFTPD CVE-2015-3306)
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and
60RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.