Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
xd20111/CVE-2026-43284
CVE-2026-43284HIGH15 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC3
In‑depth technical analysis of CVE‑2026‑41096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.
CVE-2026-41096CRITICAL15 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
CVE-2026-44338HIGH15 mai 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir
GitHub PoC
Astianjy/CVE-2026-42203
CVE-2026-42203HIGH15 mai 2026
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
41RISCO
abrir
GitHub PoC
permite a un atacante remoto no autenticado leer archivos arbitrarios del sistema afectado mediante una inyección de XML External Entity (XXE)
CVE-2026-20224HIGH15 mai 2026
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
41RISCO
abrir
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
Toshiba Qiomem.sys vulnerable driver POC (CVE-2026-56129)
CVE-2026-56129MEDIUM15 mai 2026
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insuf
33RISCO
abrir
GitHub PoC4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
CVE-2026-42897HIGHsob ataque15 mai 2026
Microsoft Exchange Server Spoofing Vulnerability
71RISCO
abrir
GitHub PoC3
Behavioral detection script for CVE-2026-42945 (NGINX Rift) — heap overflow in ngx_http_rewrite_module. No RCE, crash-based detection only.
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
byezero/nginx-cve-2026-42945-check
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Centralized Wazuh SCA Assessment for CVE-2026-42945 on NGINX Servers
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Tester for CVE-2026-43284
CVE-2026-43284HIGH15 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
CVE-2026-44338
CVE-2026-44338HIGH15 mai 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir
GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
CVE-2026-42154HIGH15 mai 2026
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RISCO
abrir
GitHub PoC6
Automated exploitation scanner for Oracle Reports Server (rwservlet) — CVE-2012-3152 / CVE-2012-3153. Detects, fingerprints, reads files via LFI, tests SSRF via webhook, and uploads JSP shells. Targets Oracle Reports < 11g. For authorized use only.
CVE-2012-3152CRITICALsob ataque15 mai 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISCO
abrir
GitHub PoC
Educational environment for LTAT.04.022 Homework 4.
CVE-2023-44487HIGHsob ataque15 mai 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISCO
abrir
GitHub PoC2
Working PoC for CVE-2025-32432 - Craft CMS <= 5.6.16 unauthenticated RCE via Yii2 PhpManager gadget + nginx access.log poisoning
CVE-2025-32432CRITICALsob ataque15 mai 2026
Craft CMS Allows Remote Code Execution
100RISCO
abrir
GitHub PoC
tocong282/CVE-2026-44578-PoC
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC1
forxiucn/nginx-cve-2026-42945-poc
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC18
Script Python para detecção de instâncias Nginx vulneráveis ao CVE-2026-42945 em IPs, CIDRs e ASNs.
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Medaz-Sploit/CVE-2025-9074-Docker-Desktop-API-Escape-PoC
CVE-2025-9074CRITICAL15 mai 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC4
jelasin/CVE-2026-42945
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
CVE-2026-42945: nginx-rift vulnerability analysis and detection script
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
VsFTPd 2.3.4 Backdoor Command Execution
CVE-2011-252315 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
CVE-2026-0770CRITICAL15 mai 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir
GitHub PoC
Este proyecto tiene como objetivo demostrar de forma práctica el funcionamiento del exploit Dirty COW (CVE-2016-5195), una vulnerabilidad crítica del en el kernel de Linux. Se simula un escenario realista en el que un atacante con acceso local limitado a un sistema sin parchear logra escalar sus privilegios hasta obtener acceso completo como root.
CVE-2016-5195HIGHsob ataque15 mai 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISCO
abrir
GitHub PoC6
Nuclei templates for detecting CVE-2026-44578 (Next.js WebSocket Upgrade SSRF) with multi-cloud metadata validation, Next.js fingerprinting, and real-world scanning workflows. Includes references to the original NextSSRF research and exploit tooling.
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
nhh9905/CVE-2022-37969
CVE-2022-37969HIGHsob ataque15 mai 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC75
NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
anteriorpágina 41 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.