Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC★ 4
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RISCO
abrir ↗GitHub PoC★ 2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISCO
abrir ↗GitHub PoC
This project simulates a real-world attack-and-defend scenario across two virtual machines. You will exploit a critical pre-authentication RCE vulnerability (CVE-2025-32433) in an Erlang/OTP SSH server, crack extracted password hashes, and then harden the victim machine with firewall rules and patching.
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir ↗GitHub PoC
Chains CVE-2025-57819 (stacked query SQL injection) and CVE-2025-61678 (authenticated file upload in FreePBX Endpoint Manager) to achieve Remote Code Execution (RCE). For educational use only.
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir ↗GitHub PoC
Cyber-DarkNay/CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗GitHub PoC★ 39
A demonstration of read write using cve-2025-43529 on iOS 26.1
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISCO
abrir ↗GitHub PoC
leehunkoo/cve-2013-4660_PoC
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
43RISCO
abrir ↗GitHub PoC
Cyber-DarkNay/CVE-2026-23550
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISCO
abrir ↗GitHub PoC★ 4
CVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.e
41RISCO
abrir ↗VulnCheck XDB
initial-access
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir ↗GitHub PoC
byte16384/CVE-2026-49492-PoC
Markdown Preview Enhanced OS Command Injection in External File and Link Opening
41RISCO
abrir ↗GitHub PoC
CVE-2026-10520 and CVE-2026-10523
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗GitHub PoC
xxconi/CVE-2025-6254
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RISCO
abrir ↗GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗VulnCheck XDB
local
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir ↗GitHub PoC
anirudhmakkar/cve-2026-7665
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
33RISCO
abrir ↗GitHub PoC
FangFang-Yi/CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
83RISCO
abrir ↗GitHub PoC
CVE-2017-9841 is a Remote Code Execution (RCE) vulnerability in the PHPUnit library affecting versions prior to 5.6.3 and 6.x prior to 6.4.2.
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir ↗VulnCheck XDB
local
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
68RISCO
abrir ↗VulnCheck XDB
initial-access
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗GitHub PoC
Escáner pasivo de seguridad para CVE-2025-55182 que identifica indicadores públicos asociados a Next.js y React Server Components. Realiza validaciones seguras, analiza cabeceras y rutas, y proporciona una evaluación de exposición basada en evidencias sin explotación.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Cyber-DarkNay/CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint
48RISCO
abrir ↗GitHub PoC
CVE-2026-10795 The UpdraftPlus POC
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.