Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
CVE-2026-2587CRITICAL20 mai 2026
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RISCO
abrir
GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
CVE-2026-41651HIGH20 mai 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir
GitHub PoC2
PoC for PwnKit / CVE-2021-4034 - Pkexec Local Privilege Escalation
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
Verified vulnerability journey for CVE-2025-8110 (Gogs) and CVE-2025-3248 (Langflow) — risk triage, exploitability verification, verified patches.
CVE-2025-8110HIGHsob ataque20 mai 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
CVE-2025-8110 Proof of Concept
CVE-2025-8110HIGHsob ataque20 mai 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
CVE-2024-4367–PDF.js-xss
CVE-2024-4367MEDIUM20 mai 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC
ABYSS C2 — HiSilicon DVR Exploit Framework (CVE-2020-25078). Educational IoT security research platform.
CVE-2020-25078HIGHsob ataque20 mai 2026
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticate
100RISCO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
hyperchk/CVE-2025-24071-POC
CVE-2025-24071MEDIUM20 mai 2026
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir
GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
CVE-2026-26980CRITICAL20 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-42271HIGHsob ataque20 mai 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
CVE-2026-31635HIGH20 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC
MGTx2/CVE-2026-39107
CVE-2026-39107MEDIUM20 mai 2026
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails
33RISCO
abrir
GitHub PoC20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
CVE-2026-31431HIGHsob ataque20 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
CVE-2026-31635HIGH20 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
NGINX CVE-2026-42945 一键修复脚本
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
CVE-2025-55182 Exploit | by infrar3d
CVE-2025-55182CRITICALsob ataqueransomware19 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
CVE-2026-34474HIGH19 mai 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISCO
abrir
GitHub PoC1
POC_CVE-2026-45185 for nuclei-templates
CVE-2026-45185CRITICAL19 mai 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir
GitHub PoC1
RedCrazyGhost/CVE-2026-42945
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
imSre9/CVE-2026-42945
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC5
CVE-2026-31635
CVE-2026-31635HIGH19 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
CVE-2026-43284HIGH19 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
rufflabs/CVE-2026-36748
CVE-2026-36748CRITICAL19 mai 2026
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RISCO
abrir
GitHub PoC1
Dirty Frag - kernel Linux critical Vulnerability
CVE-2026-43284HIGH19 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-40217HIGH19 mai 2026
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t
41RISCO
abrir
anteriorpágina 37 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.