Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC39
A demonstration of read write using cve-2025-43529 on iOS 26.1
CVE-2025-43529HIGHsob ataque11 jun 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISCO
abrir
GitHub PoC
CVE-2026-45447 - Draft
CVE-2026-45447HIGH11 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RISCO
abrir
GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
CVE-2026-43284HIGH11 jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC15
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
CVE-2026-48907CRITICALsob ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
anirudhmakkar/cve-2026-7665
CVE-2026-7665MEDIUM11 jun 2026
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC1
Lab + writeup for CVE-2026-28699: Gitea OAuth2 scope enforcement bypass via HTTP Basic auth
CVE-2026-28699HIGH11 jun 2026
Gitea Basic Auth bypasses OAuth2 access token scopes
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10795HIGH11 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque11 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
From deobfuscating code.js to root, CVE-2023-0386
CVE-2023-0386HIGHsob ataque11 jun 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir
GitHub PoC
xxconi/CVE-2025-6254
CVE-2025-6254CRITICAL11 jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RISCO
abrir
GitHub PoC
CVE-2026-10520 and CVE-2026-10523
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC4
CVE-2026-10520
CVE-2026-10520CRITICAL11 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-6440CRITICAL11 jun 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-4045CRITICAL11 jun 2026
TP-LINK Tapo C200 remote code execution vulnerability
70RISCO
abrir
GitHub PoC
CVE-2026-50507 - Draft
CVE-2026-50507MEDIUM11 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
Cyber-DarkNay/CVE-2026-45034
CVE-2026-45034CRITICAL11 jun 2026
PhpSpreadsheet: File::prohibitWrappers bypass
48RISCO
abrir
GitHub PoC5
CVE-2026-25089 - Fortinet FortiSandbox
CVE-2026-25089CRITICALsob ataque10 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
90RISCO
abrir
GitHub PoC
WORDPRESS
CVE-2026-5718HIGH10 jun 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-48732-poc
CVE-2026-48732HIGH10 jun 2026
Warp: Remote SSH cwd can lead to unauthorized remote command execution
41RISCO
abrir
GitHub PoC
1-day exploit for CVE-2026-49417
CVE-2026-49417HIGH10 jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-28318HIGHsob ataque10 jun 2026
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISCO
abrir
GitHub PoC
1-day exploit for CVE-2026-45258
CVE-2026-45258HIGH10 jun 2026
Multiple vulnerabilities in the sound(4) mmap path
41RISCO
abrir
GitHub PoC
FreeBSD LPE
CVE-2026-49413HIGH10 jun 2026
Flaw in Linuxulator execution of setugid binaries
41RISCO
abrir
GitHub PoC1
GrayXploit Security research and defensive team validate this toolkit for CVE-2026-0257 (PAN-OS GlobalProtect Authentication Bypass). Includes vulnerability assessment, detection guidance, technical analysis, indicators of compromise (IOCs), and remediation validation resources for security teams and defenders.
CVE-2026-0257HIGHsob ataque10 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC3
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload [POC & Xploit]
CVE-2026-9067CRITICAL10 jun 2026
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
48RISCO
abrir
GitHub PoC
CVE-2026-50751 Check Point IKEv1 vulnerability scanner
CVE-2026-50751CRITICALsob ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALsob ataqueransomware10 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2018-7600CRITICALsob ataqueransomware10 jun 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
anteriorpágina 29 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.