Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.116exploits catalogados
31.651CVEs com exploração pública
0testados em laboratório
71.156 exploits
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
CyruxSec/CVE-2026-4524
CVE-2026-4524MEDIUM13 jun 2026
Authentication Bypass Using an Alternate Path or Channel in GitLab
33RISCO
abrir
VulnCheck XDB
client-side
CVE-2021-22204MEDIUMsob ataque13 jun 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
GitHub PoC
webshellseo8/CVE-2026-1555-POC
CVE-2026-1555CRITICAL13 jun 2026
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RISCO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
JupyterHub XSRF bypass via cross-origin form POST (Sec-Fetch-Mode: no-cors) — CWE-352
CVE-2026-40864MEDIUM13 jun 2026
JupyterHub: Cross-origin form POSTs bypass XSRF
33RISCO
abrir
GitHub PoC
SQL Injection in Dagster database I/O managers via dynamic partition keys (DuckDB/Snowflake/BigQuery/DeltaLake) — High
CVE-2026-41490HIGH13 jun 2026
Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
41RISCO
abrir
GitHub PoC1
razureink/cve-2026-49975-http2bomb_reproduction
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-48907
CVE-2026-48907CRITICALsob ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
CVE-2026-48017HIGH13 jun 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RISCO
abrir
GitHub PoC
AISec Plus Week 1 threat write-up — EchoLeak (CVE-2025-32711), zero-click indirect prompt injection in Microsoft 365 Copilot.
CVE-2025-32711CRITICAL13 jun 2026
M365 Copilot Information Disclosure Vulnerability
48RISCO
abrir
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHsob ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC
Some labs looking at the xz backdoor vulnerability (CVE-2024-3094)
CVE-2024-3094CRITICAL13 jun 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC1
CVE-2021-21425 - GravCMS 1.10.7 Unauthenticated RCE via Scheduler. Improved exploit with CLI args and auto base64 encoding.
CVE-2021-21425CRITICAL13 jun 2026
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISCO
abrir
GitHub PoC
ExifTool RCE exploit (CVE-2021-22204) - improved version, no exiftool dependency
CVE-2021-22204MEDIUMsob ataque13 jun 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2018-9276HIGHsob ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC1
CVE-2026-45447
CVE-2026-45447HIGH13 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware13 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
(phpBB authentication bypass)
CVE-2026-48611CRITICAL13 jun 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42647CRITICAL13 jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RISCO
abrir
GitHub PoC
A lightweight stdio-based MCP server for local file system operations — read, write, edit, search, exec for AI assistants. Specially optimized for Chatbox: bat-bypass for exec (CVE-2026-6130), b64 encoding to eliminate escaping issues, and multi-pattern regex for precise code block targeting.
CVE-2026-6130MEDIUM13 jun 2026
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
33RISCO
abrir
GitHub PoC3
CVE-2026-20253
CVE-2026-20253CRITICALsob ataque13 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-42647-Lab
CVE-2026-42647CRITICAL13 jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RISCO
abrir
GitHub PoC2
CVE-2026-25089
CVE-2026-25089CRITICALsob ataque12 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
90RISCO
abrir
GitHub PoC13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
CVE-2026-20253CRITICALsob ataque12 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC2
CVE-2026-35273
CVE-2026-35273CRITICALsob ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC4
CVE-2026-35273
CVE-2026-35273CRITICALsob ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
anteriorpágina 26 / 2.372próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.