Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC★ 1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RISCO
abrir ↗GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir ↗GitHub PoC★ 2
PoC for PwnKit / CVE-2021-4034 - Pkexec Local Privilege Escalation
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
Verified vulnerability journey for CVE-2025-8110 (Gogs) and CVE-2025-3248 (Langflow) — risk triage, exploitability verification, verified patches.
File overwrite in file update API in Gogs
100RISCO
abrir ↗GitHub PoC
CVE-2024-4367–PDF.js-xss
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir ↗GitHub PoC
ABYSS C2 — HiSilicon DVR Exploit Framework (CVE-2020-25078). Educational IoT security research platform.
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticate
100RISCO
abrir ↗GitHub PoC★ 23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir ↗GitHub PoC
hyperchk/CVE-2025-24071-POC
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir ↗GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
Ghost has a SQL Injection in its Content API
75RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir ↗GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir ↗GitHub PoC
MGTx2/CVE-2026-39107
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails
33RISCO
abrir ↗GitHub PoC★ 20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-42945 - NGINX Rift Toolkit
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir ↗GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISCO
abrir ↗GitHub PoC★ 1
POC_CVE-2026-45185 for nuclei-templates
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir ↗GitHub PoC★ 1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
rufflabs/CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RISCO
abrir ↗GitHub PoC★ 1
Dirty Frag - kernel Linux critical Vulnerability
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.