Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
CVE-2026-9560 - Draft
CVE-2026-9560CRITICAL01 jun 2026
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute
48RISCO
abrir
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
CVE-2026-23744CRITICAL01 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
lucastran05/CVE-2026-29000
CVE-2026-29000CRITICAL01 jun 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir
GitHub PoC
ICT279 Vulnerability Detection and Mitigation Project using CVE-2025-24813 in an Internet Banking Environment
CVE-2025-24813CRITICALsob ataque01 jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC8
p3Nt3st3r-sTAr/CVE-2026-8732-POC
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
GitHub PoC208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089CRITICAL01 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27886CRITICAL01 jun 2026
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RISCO
abrir
GitHub PoC2
DeepSecurityResearch/CVE-2026-2586
CVE-2026-2586CRITICAL01 jun 2026
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RISCO
abrir
GitHub PoC1
CVE-2026-45585
CVE-2026-45585MEDIUM31 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
CVE-2026-8836CRITICAL31 mai 2026
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RISCO
abrir
GitHub PoC
b1nhack/CVE-2024-1086
CVE-2024-1086HIGHsob ataqueransomware31 mai 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir
GitHub PoC
Dungsocool/CVE-2014-3120
CVE-2014-3120HIGHsob ataque31 mai 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISCO
abrir
GitHub PoC
Jeanback1/CVE-2019-0211-exploit
CVE-2019-0211HIGHsob ataque31 mai 2026
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISCO
abrir
GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
CVE-2024-38475CRITICALsob ataque31 mai 2026
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISCO
abrir
GitHub PoC1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC2
CVE-2026-23744 RCE + Privilege Escalation
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
CVE-2026-48800HIGH31 mai 2026
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RISCO
abrir
GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
CVE-2023-6553CRITICAL31 mai 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir
GitHub PoC
CVE-2026-23744 PoC
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
CVE-2019-905331 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
CVE-2025-55182CRITICALsob ataqueransomware31 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALsob ataqueransomware30 mai 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir
GitHub PoC
HAERIN-L/poc_cve-2026-42208
CVE-2026-42208CRITICALsob ataque30 mai 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
CVE-2026-43494HIGH30 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 mai 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISCO
abrir
anteriorpágina 27 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.