Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
NullByte8080/CVE-2026-36226
CVE-2026-36226MEDIUM22 mai 2026
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensit
33RISCO
abrir
GitHub PoC
NullByte8080/CVE-2026-36227
CVE-2026-36227MEDIUM22 mai 2026
Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and e
33RISCO
abrir
GitHub PoC
CVE-2026-20223
CVE-2026-20223CRITICAL22 mai 2026
Cisco Secure Workload Unauthorized API Access Vulnerability
48RISCO
abrir
GitHub PoC
96613686/CVE-2026-45584
CVE-2026-45584HIGH22 mai 2026
Microsoft Defender Remote Code Execution Vulnerability
41RISCO
abrir
GitHub PoC
CVE-2026-41091 / CVE-2026-45498 Microsoft Defender vulnerability scanner
CVE-2026-41091HIGHsob ataque22 mai 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC
Portable Python PoC for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHsob ataque22 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Pumila03/CVE-2026-6009
CVE-2026-6009HIGH22 mai 2026
Jaspersoft Library Deserialisation Vulnerability
41RISCO
abrir
GitHub PoC
Divi Form Builder <= 5.1.2 — Unauthenticated Privilege Escalation via Role Injection
CVE-2026-5118CRITICAL22 mai 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir
GitHub PoC2
CVE-2026-43494
CVE-2026-43494HIGH22 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
BastianXploited/CVE-2026-8181
CVE-2026-8181CRITICAL22 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
jaf0rk/CVE-2026-5281
CVE-2026-5281HIGHsob ataque22 mai 2026
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render
71RISCO
abrir
GitHub PoC
This vulnerability allows unauthenticated attackers who know a valid administrator username to impersonate that admin during REST API requests by using any incorrect password in a Basic Authentication header. Attackers could abuse this flaw to create a new administrator account without prior authentication.
CVE-2026-8181CRITICAL22 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
CVE-2026-42208 - LiteLLM SQL Injection vulnerability scanner for BerriAI LiteLLM proxy instances
CVE-2026-42208CRITICALsob ataque22 mai 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC3
eprocess offset puller for relevant member offsets and function addresses for cve-2026-40369
CVE-2026-40369HIGH22 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
Portable Python PoC for CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHsob ataque22 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
logis11/CVE-2025-55423-analysis-and-reproduction
CVE-2025-55423CRITICAL22 mai 2026
A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the contr
48RISCO
abrir
GitHub PoC
CVE-2024-6387 POC (Currently being edited)
CVE-2024-6387HIGH22 mai 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC
felisha-elmer/Sandbox-Challenge-Spring4Shell-CVE-2022-22965-
CVE-2022-22965CRITICALsob ataque22 mai 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
GitHub PoC
Python exploit toolkit for WordPress Crop Image RCE — CVE-2019-8942 & CVE-2019-8943
CVE-2019-894222 mai 2026
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry ca
60RISCO
abrir
GitHub PoC
Critical WIC bug (9.8): uninitialized JPEG encode pointers in WindowsCodecs.dll — triggers on 12/16-bit re-encode, not casual preview.
CVE-2025-50165CRITICAL22 mai 2026
Windows Graphics Component Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC
r3nsi15/CVE-2026-33017-langflow-rce
CVE-2026-33017CRITICALsob ataque22 mai 2026
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
100RISCO
abrir
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 mai 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
CVE-2018-21268CRITICAL21 mai 2026
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RISCO
abrir
GitHub PoC
EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps
CVE-2013-181421 mai 2026
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain s
60RISCO
abrir
GitHub PoC
「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49
CVE-2021-41773HIGHsob ataqueransomware21 mai 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
ercihan/CVE-2026-40369
CVE-2026-40369HIGH21 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
yangh-beep/CVE-2026-31431-C
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 mai 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISCO
abrir
GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
CVE-2026-31635HIGH21 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
anteriorpágina 35 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.