Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
info-leak
CVE-2021-43798HIGHsob ataque02 jun 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RISCO
abrir
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
CVE-2026-31431HIGHsob ataque01 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
DeepSecurityResearch/CVE-2026-2586
CVE-2026-2586CRITICAL01 jun 2026
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user
48RISCO
abrir
GitHub PoC
CVE-2026-9560 - Draft
CVE-2026-9560CRITICAL01 jun 2026
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL01 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-24061CRITICALsob ataque01 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque01 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-24061 — GNU InetUtils Telnetd Authentication Bypass Scanner
CVE-2026-24061CRITICALsob ataque01 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-41089CRITICAL01 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
ICT279 Vulnerability Detection and Mitigation Project using CVE-2025-24813 in an Internet Banking Environment
CVE-2025-24813CRITICALsob ataque01 jun 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir
Exploit-DB
Drupal Core 10.5.5 - Error-Based SQL Injection
CVE-2026-9082CRITICALsob ataquewebappsphp01 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27886CRITICAL01 jun 2026
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RISCO
abrir
GitHub PoC
SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH01 jun 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291HIGH01 jun 2026
CVE-2026-2291
41RISCO
abrir
GitHub PoC2
A Go implementation of CIFSwitch (CVE-2026-46243)
CVE-2026-46243HIGH01 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
Exploit-DB
WordPress OrderConvo 14 - Path Traversal
CVE-2025-10162HIGH01 jun 2026
OrderConvo < 14 - Unauthenticated Arbitrary File Read
56RISCO
abrir
GitHub PoC
CVE-2026-8732 - Draft (WordPress)
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC8
p3Nt3st3r-sTAr/CVE-2026-8732-POC
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC
CVE analysis of CVE-2025-40536, SolarWinds Web Help Desk security control bypass (CVSS 8.1). Covers vulnerability mechanics, attack chain with companion RCE CVEs, Storm-2603 threat actor attribution, MITRE ATT&CK mapping, and detection/remediation guidance for DoD and government environments.
CVE-2025-40536HIGHsob ataque01 jun 2026
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISCO
abrir
Metasploit500
HP Poly Voice Unauthenticated Remote Code Execution
CVE-2026-0826CRITICAL01 jun 2026
Poly Voice – Possible Remote Control of Certain Poly Devices
48RISCO
abrir
GitHub PoC
lucastran05/CVE-2026-29000
CVE-2026-29000CRITICAL01 jun 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
CVE-2026-23744CRITICAL01 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC208
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089CRITICAL01 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC1
CVE-2026-45585
CVE-2026-45585MEDIUM31 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
anteriorpágina 38 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.