Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
Exploit-DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir ↗VulnCheck XDB
initial-access
Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
63RISCO
abrir ↗VulnCheck XDB
initial-access
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-46716
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗Exploit-DB
MikroORM 7.0.13 - SQL Injection
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
41RISCO
abrir ↗VulnCheck XDB
initial-access
cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source
60RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir ↗Exploit-DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
CubeCart: Reflected XSS in Store Search Bar
33RISCO
abrir ↗GitHub PoC★ 26
Proof-of-concept script to leverage the PAN-OS GlobalProtect authentication bypass CVE-2026-0257
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC★ 2
akashsingh0454/CVE-2026-0257-PoC
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗VulnCheck XDB
initial-access
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC
vishvacyber/Detection-Tool-Kit-for-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
Yamcs: No Rate Limiting on Authentication Endpoint
33RISCO
abrir ↗GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
Yamcs: Unauthorized user enumeration via IAM API endpoints
33RISCO
abrir ↗GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir ↗Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir ↗VulnCheck XDB
initial-access
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISCO
abrir ↗Exploit-DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
48RISCO
abrir ↗GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RISCO
abrir ↗Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir ↗VulnCheck XDB
initial-access
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir ↗GitHub PoC★ 1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir ↗Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RISCO
abrir ↗GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.