Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
CVE-2026-27145 - Draft
CVE-2026-27145MEDIUM03 jun 2026
Inefficient candidate hostname parsing in crypto/x509
33RISCO
abrir
GitHub PoC6
Este repositorio contiene un Proof of Concept (POC) para CVE-2026-49975, también conocida como HTTP/2 Bomb, una vulnerabilidad de denegación de servicio (DoS) remoto que afecta a la mayoría de los servidores web principales en su configuración HTTP/2 predeterminada, incluyendo:
CVE-2026-49975HIGH03 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
leehunkoo/hk_CVE-2025-32433
CVE-2025-32433CRITICALsob ataque03 jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
GitHub PoC
Galaxy-sc/CVE-2026-47423-dompurify-xss-detector
CVE-2026-47423HIGH03 jun 2026
DOMPurify XSS via `selectedcontent` re-clone
41RISCO
abrir
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISCO
abrir
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
Mender Server - Authenticated Path Traversal to RCE
CVE-2026-49009LOW02 jun 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2024-21182HIGHsob ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RISCO
abrir
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RISCO
abrir
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RISCO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2023-21839HIGHsob ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir
GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
CVE-2026-34156CRITICAL02 jun 2026
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISCO
abrir
GitHub PoC2
Script para comprobar si la vulnerabilidad de Linux CIFSwitch (CVE-2026-46243) nos afecta. Detecta configuraciones potencialmente vulnerables y mitigaciones sin ejecutar exploits.
CVE-2026-46243HIGH02 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALsob ataque02 jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."
CVE-2014-6271CRITICALsob ataque02 jun 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHsob ataque02 jun 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALsob ataque02 jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291HIGH01 jun 2026
CVE-2026-2291
41RISCO
abrir
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
CVE-2026-31431HIGHsob ataque01 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC2
DeepSecurityResearch/CVE-2026-2586
CVE-2026-2586CRITICAL01 jun 2026
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RISCO
abrir
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
anteriorpágina 26 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.