Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.166exploits catalogados
31.689CVEs com exploração pública
0testados em laboratório
71.166 exploits
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC1
CVE-2021-21425 - GravCMS 1.10.7 Unauthenticated RCE via Scheduler. Improved exploit with CLI args and auto base64 encoding.
CVE-2021-21425CRITICAL13 jun 2026
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISCO
abrir
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHsob ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC
ExifTool RCE exploit (CVE-2021-22204) - improved version, no exiftool dependency
CVE-2021-22204MEDIUMsob ataque13 jun 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
GitHub PoC
CVE-2025-55182 exploit script
CVE-2025-55182CRITICALsob ataqueransomware13 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC3
Toolkit for CVE-2025-55182, also known as React2Shell.
CVE-2025-55182CRITICALsob ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
FOSSBilling CVE-2026-53647 & CVE-2026-53646 PoC — Unauthenticated API key disclosure & password reset token reuse
CVE-2026-53647MEDIUM12 jun 2026
FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware12 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
CVE-2025-57819CRITICALsob ataque12 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
GitHub PoC9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RISCO
abrir
GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
CVE-2025-32433CRITICALsob ataque12 jun 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
GitHub PoC13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
CVE-2026-20253CRITICALsob ataque12 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RISCO
abrir
GitHub PoC4
CVE-2026-35273
CVE-2026-35273CRITICALsob ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
CVE-2026-8809CRITICAL12 jun 2026
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALsob ataqueransomware12 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC3
CVE-2026-48907
CVE-2026-48907CRITICALsob ataque12 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
CVE-2026-28318HIGHsob ataque12 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISCO
abrir
GitHub PoC
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE
CVE-2026-49777CRITICAL12 jun 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir
GitHub PoC2
CVE-2026-25089
CVE-2026-25089CRITICALsob ataque12 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
90RISCO
abrir
GitHub PoC1
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass
CVE-2026-50751CRITICALsob ataqueransomware12 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC2
CVE-2026-35273
CVE-2026-35273CRITICALsob ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
GitHub PoC
CVE-2026-0273 - Draft
CVE-2026-0273MEDIUM12 jun 2026
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
CVE-2026-46645MEDIUM12 jun 2026
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RISCO
abrir
GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
CVE-2026-20230HIGH12 jun 2026
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RISCO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-45034
CVE-2026-45034CRITICAL11 jun 2026
PhpSpreadsheet: File::prohibitWrappers bypass
48RISCO
abrir
GitHub PoC1
CVE-2026-11645
CVE-2026-11645HIGHsob ataque11 jun 2026
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitra
71RISCO
abrir
anteriorpágina 27 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.