Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.107VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC
Exploit de Execução Remota de Código (RCE) no XWiki
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir ↗GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir ↗GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir ↗GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir ↗GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2017-12635_36
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir ↗GitHub PoC
LuizHenz/PoC-CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
Full walkthrough of HTB's Reactor machine — exploit CVE-2025-55182 to gain a shell, then get root via an exposed Node.js debugger. Step-by-step with screenshots.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC★ 1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir ↗GitHub PoC★ 6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISCO
abrir ↗GitHub PoC★ 1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir ↗GitHub PoC★ 10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RISCO
abrir ↗GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISCO
abrir ↗GitHub PoC
EXPLOIT CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir ↗GitHub PoC★ 1
funixone/EXPLOIT-CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISCO
abrir ↗GitHub PoC
aarch64 and x64 python POC
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
This script safely checks the local version of the LiteSpeed cPanel plugin to determine if the system is running a version vulnerable to CVE-2026-48172. It does not send exploits or interact with network endpoints maliciously.
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISCO
abrir ↗GitHub PoC
CVE-2026-35616 - Draft
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISCO
abrir ↗GitHub PoC
CVE-2026-8380
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RISCO
abrir ↗GitHub PoC
krishnadevpmelevila/CVE-2026-39292
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RISCO
abrir ↗GitHub PoC
Black-box web application penetration test of BadStore e-commerce platform. Covers SQL injection, CVE-2006-3918, HTTP request manipulation, OSINT-driven spear phishing, and MITRE ATT&CK-mapped findings.
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before
45RISCO
abrir ↗GitHub PoC★ 1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
NGINX ngx_http_ssl_module vulnerability
33RISCO
abrir ↗GitHub PoC★ 1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir ↗GitHub PoC★ 6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RISCO
abrir ↗GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.