Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.063exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC★ 3
CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC★ 2
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-8732 | WP Maps Pro <= 6.1.0 | Unauthenticated Privilege Escalation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISCO
abrir ↗GitHub PoC
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir ↗GitHub PoC★ 1
POC_CVE-2026-42589
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISCO
abrir ↗GitHub PoC
CVE-2025-5947 WordPress Service Finder Bookings ≤ 6.0 Exploit
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
63RISCO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir ↗GitHub PoC
Delt-A/CVE-2024-36401-poc
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir ↗GitHub PoC★ 7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISCO
abrir ↗GitHub PoC
CVE-2026-39987 - Draft
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗GitHub PoC
Testing a List of IP address incase they are vulnerable to CVE-2024-3400
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir ↗GitHub PoC
SourceCodester Pharmacy Sales and Inventory System 1.0 - Vulnerable source code for CVE-2026-7392 SQL Injection
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
33RISCO
abrir ↗GitHub PoC
Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial.
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scrip
50RISCO
abrir ↗GitHub PoC
HAERIN-L/poc_cve-2026-42208
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir ↗GitHub PoC
letsr00t/CVE-2026-43494-PinTheft-PoC
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir ↗GitHub PoC
Python POC, Exploit for CVE-2026-29000
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir ↗GitHub PoC
Dhananjayasj/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir ↗GitHub PoC
Exploiting heap-based buffer overflow in sudo for privilege escalation
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2017-12635_36
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir ↗GitHub PoC★ 1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir ↗GitHub PoC
LuizHenz/PoC-CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 2
akashsingh0454/CVE-2026-0257-PoC
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISCO
abrir ↗GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RISCO
abrir ↗GitHub PoC★ 26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.