Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.063exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC3
CVE-2026-0257
CVE-2026-0257HIGHsob ataque30 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
CVE-2026-8732CRITICAL30 mai 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
CVE-2026-8732CRITICAL30 mai 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 mai 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISCO
abrir
GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
CVE-2026-8732CRITICAL30 mai 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC1
POC_CVE-2026-42589
CVE-2026-42589CRITICAL30 mai 2026
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISCO
abrir
GitHub PoC
CVE-2025-10162 Exploit
CVE-2025-10162HIGH30 mai 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RISCO
abrir
GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
CVE-2025-5947CRITICAL30 mai 2026
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALsob ataqueransomware30 mai 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALsob ataque30 mai 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHsob ataque30 mai 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISCO
abrir
GitHub PoC
CVE-2026-39987 - Draft
CVE-2026-39987CRITICALsob ataque30 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
CVE-2024-3400CRITICALsob ataqueransomware30 mai 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir
GitHub PoC
SourceCodester Pharmacy Sales and Inventory System 1.0 - Vulnerable source code for CVE-2026-7392 SQL Injection
CVE-2026-7392MEDIUM30 mai 2026
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
33RISCO
abrir
GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
CVE-2010-233330 mai 2026
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISCO
abrir
GitHub PoC
HAERIN-L/poc_cve-2026-42208
CVE-2026-42208CRITICALsob ataque30 mai 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
CVE-2026-43494HIGH30 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 mai 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir
GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
CVE-2024-21413CRITICALsob ataque30 mai 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALsob ataqueransomware30 mai 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
Dungsocool/CVE-2018-7600
CVE-2018-7600CRITICALsob ataqueransomware30 mai 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
GitHub PoC
Exploiting heap-based buffer overflow in sudo for privilege escalation
CVE-2021-3156HIGHsob ataque30 mai 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 mai 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 mai 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware29 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHsob ataque29 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 mai 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISCO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 mai 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RISCO
abrir
GitHub PoC26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
CVE-2026-0257HIGHsob ataque29 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC1
writeup
CVE-2026-8697HIGH29 mai 2026
Improper Authentication Rate Limiting on TP-Link's Archer C64
41RISCO
abrir
anteriorpágina 28 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.