Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC2
CVE-2026-9082 | SA-CORE-2026-004
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 mai 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC11
CVE-2026-41091
CVE-2026-41091HIGHsob ataque21 mai 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC
cve poc
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
CVE-2026-0300CRITICALsob ataque21 mai 2026
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RISCO
abrir
GitHub PoC1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
CVE-2026-4885CRITICAL21 mai 2026
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-46680 exploit
CVE-2026-46680HIGH21 mai 2026
containerd user ID handling bypass allows runAsNonRoot evasion
41RISCO
abrir
GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
CVE-2018-21268CRITICAL21 mai 2026
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RISCO
abrir
GitHub PoC22
CVE-2026-45250 - FreeBSD 14.x LPE
CVE-2026-45250HIGH21 mai 2026
Stack buffer overflow via setcred(2)
41RISCO
abrir
GitHub PoC4
PoC for CVE-2024-6678
CVE-2024-6678CRITICAL21 mai 2026
Authentication Bypass by Spoofing in GitLab
48RISCO
abrir
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 mai 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISCO
abrir
GitHub PoC1
Intune Remediation package for the CVE-2026-45585 YellowKey BitLocker/WinRE bypass mitigation described in the provided procedure. This package removes `autofstx.exe` from the offline WinRE image's `BootExecute` value and refreshes WinRE registration so BitLocker trust is reestablished.
CVE-2026-45585MEDIUM21 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC1
CVE-2026-9082
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
ercihan/CVE-2026-40369
CVE-2026-40369HIGH21 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC1
PoC for CVE-2026-9082 (Drupal SA-CORE-2026-004) Drupal Core SQLi
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps
CVE-2013-181421 mai 2026
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain s
60RISCO
abrir
GitHub PoC20
Drupal Core PostgreSQL SQL Injection PoC - CVE-2026-9082. Ethical PoC for the Drupal vulnerability allowing anonymous SQL injection through the JSON:API module on PostgreSQL-backed sites.
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
Vulnerability Case Study: CVE-2026-33829 (Windows Snipping Tool NTLM Coercion)
CVE-2026-33829MEDIUM21 mai 2026
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir
GitHub PoC
yusufdalbudak/CVE-2026-42945
CVE-2026-42945CRITICAL20 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Maxime288/Fragnesia-CVE-2026-46300
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
a24ac1/CVE-2026-0740
CVE-2026-0740CRITICAL20 mai 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
ABYSS C2 — HiSilicon DVR Exploit Framework (CVE-2020-25078). Educational IoT security research platform.
CVE-2020-25078HIGHsob ataque20 mai 2026
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticate
100RISCO
abrir
GitHub PoC1
VULNERAVEL CVE-2018-14847 - CREDENCIAIS EXTRAIDAS MIKROTIK EM PYTHON
CVE-2018-14847CRITICALsob ataque20 mai 2026
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISCO
abrir
GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
CVE-2026-30950HIGH20 mai 2026
AutoGPT has Authenticated Session Hijacking via IDOR
41RISCO
abrir
GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
CVE-2026-26980CRITICAL20 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC
hyperchk/CVE-2025-24071-POC
CVE-2025-24071MEDIUM20 mai 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir
anteriorpágina 36 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.