Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.105exploits catalogados
31.648CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
Exploit de Execução Remota de Código (RCE) no XWiki
CVE-2025-24893CRITICALsob ataque29 mai 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
CVE-2022-26923HIGHsob ataque29 mai 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir
GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
CVE-2026-31431HIGHsob ataque29 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 mai 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 mai 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 mai 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 mai 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RISCO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 mai 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware29 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
Full walkthrough of HTB's Reactor machine — exploit CVE-2025-55182 to gain a shell, then get root via an exposed Node.js debugger. Step-by-step with screenshots.
CVE-2025-55182CRITICALsob ataqueransomware28 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC2
3nou9h/CVE-2026-9256-Poc
CVE-2026-9256CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 mai 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISCO
abrir
GitHub PoC1
A x86_64 ASM implementation of PinTheft (CVE-2026-43494)
CVE-2026-43494HIGH28 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 mai 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RISCO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWsob ataque28 mai 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISCO
abrir
GitHub PoC
EXPLOIT CVE-2026-8832
CVE-2026-8832HIGH28 mai 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 mai 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 mai 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISCO
abrir
GitHub PoC
aarch64 and x64 python POC
CVE-2026-31431HIGHsob ataque28 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
This script safely checks the local version of the LiteSpeed cPanel plugin to determine if the system is running a version vulnerable to CVE-2026-48172. It does not send exploits or interact with network endpoints maliciously.
CVE-2026-48172CRITICALsob ataque28 mai 2026
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISCO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALsob ataque28 mai 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISCO
abrir
GitHub PoC
CVE-2026-8380
CVE-2026-8380MEDIUM28 mai 2026
Frontend File Manager Plugin <= 23.6 - Author+ Arbitrary Post Deletion
33RISCO
abrir
GitHub PoC
krishnadevpmelevila/CVE-2026-39292
CVE-2026-39292HIGH28 mai 2026
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder
41RISCO
abrir
GitHub PoC
Black-box web application penetration test of BadStore e-commerce platform. Covers SQL injection, CVE-2006-3918, HTTP request manipulation, OSINT-driven spear phishing, and MITRE ATT&CK-mapped findings.
CVE-2006-391828 mai 2026
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before
45RISCO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 mai 2026
NGINX ngx_http_ssl_module vulnerability
33RISCO
abrir
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 mai 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
GitHub PoC6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
CVE-2026-52806CRITICAL28 mai 2026
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RISCO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 mai 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir
anteriorpágina 29 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.