Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
Educational laboratory for studying CVE-2014-0160 (Heartbleed) and framing inconsistencies in TLS heartbeat handling.
CVE-2014-0160HIGHsob ataque25 mai 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISCO
abrir
GitHub PoC28
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
CVE-2026-0091HIGH25 mai 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RISCO
abrir
GitHub PoC
A proof of concept for CVE 2024 23113 inspired by WatchTowr's article.
CVE-2024-23113CRITICALsob ataque25 mai 2026
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.
90RISCO
abrir
GitHub PoC
translating original python exploit to C
CVE-2026-0073HIGH25 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
CVE-2026-38427HIGH25 mai 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47101HIGH25 mai 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALsob ataqueransomware25 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
This is POC repo for CVE-2026-48208
CVE-2026-48208MEDIUM25 mai 2026
Denial-of-Service via SVG Rendering in Ticket
33RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-42880
CVE-2026-42880CRITICAL25 mai 2026
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir
GitHub PoC
This is POC repo for CVE-2026-48188
CVE-2026-48188CRITICAL25 mai 2026
SQL Injection via MySQL Quote Method
48RISCO
abrir
GitHub PoC
Tracking the nginx CVE-2026-9256 rewrite-module heap overflow
CVE-2026-9256CRITICAL24 mai 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC
CVE-2025-47812 Poc for wingdata HTB
CVE-2025-47812CRITICALsob ataque24 mai 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC4
BitLocker TPM+PIN Hardening Against CVE-2026-45585 (YellowKey)
CVE-2026-45585MEDIUM24 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
mein-0/cve-2026-29923
CVE-2026-29923HIGH24 mai 2026
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RISCO
abrir
GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
CVE-2026-43284HIGH24 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
CVE-2019-905324 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
CVE-2026-41940CRITICALsob ataqueransomware24 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Ambiente Docker para demonstração prática da CVE-2025-54236 (SessionReaper): PHP Object Deserialization levando a RCE em Magento Open Source 2.4.7
CVE-2025-54236CRITICALsob ataque24 mai 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
GitHub PoC3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
CVE-2026-41096CRITICAL24 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC39
windows api bug
CVE-2026-41096CRITICAL24 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
CVE-2026-39987CRITICALsob ataque24 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
CVE-2025-55182CRITICALsob ataqueransomware24 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
🎓 PoC Educativo para CVE-2026-23520. Laboratorio de análisis de vulnerabilidades y mitigación controlada. 🧪
CVE-2026-23520CRITICAL24 mai 2026
Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
48RISCO
abrir
GitHub PoC
CVE-2026-20182
CVE-2026-20182CRITICALsob ataque24 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC2
copy_fail:CVE-2026-31431
CVE-2026-31431HIGHsob ataque24 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Leemyunglyul/cve-2021-4034-mock
CVE-2021-4034HIGHsob ataque24 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC7
Drupal CVE-2026-9082 Blind SQL Injection Checker
CVE-2026-9082CRITICALsob ataque24 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
w3nch/CVE-2025-55182-in-go
CVE-2025-55182CRITICALsob ataqueransomware24 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
Local Privilege Escalation in Amazon WorkSpaces via TOCTOU and Arbitrary File Write
CVE-2026-7791HIGH24 mai 2026
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpace
41RISCO
abrir
anteriorpágina 32 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.