Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC2
nanwinata/nginxrift-CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
ydking0911/CVE-2026-4060-PoC
CVE-2026-4060HIGH14 mai 2026
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RISCO
abrir
GitHub PoC19
NGINX Rift 漏洞分析与复现
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC2
CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
CVE-2026-44403-WingFTP-v8.1.2-POC-Exploit
CVE-2026-44403HIGH14 mai 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir
GitHub PoC1
Proof of concept exploit for CVE-2026-46391
CVE-2026-46391HIGH14 mai 2026
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RISCO
abrir
GitHub PoC
These detection scripts are property of the SECPlayground Platform. Two safe detection scripts. Neither drives the close_notify-mid-BDAT trigger, so they will not crash the daemon or leave panic-log entries. Both verdicts are "likely vulnerable" — distinguishing GnuTLS from OpenSSL builds remotely is not reliable without exploitation.
CVE-2026-45185CRITICAL14 mai 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir
GitHub PoC
ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
CVE-2026-6145MEDIUM14 mai 2026
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
33RISCO
abrir
GitHub PoC15
p3Nt3st3r-sTAr/CVE-2026-42945-POC
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
Scan your NGINX configuration to determine whether it is affected by CVE-2026-42945.
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
CVE-2025-30066HIGHsob ataque14 mai 2026
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 thr
83RISCO
abrir
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMsob ataque14 mai 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir
GitHub PoC5
CVE-2026-8181 - Burst Statistics 3.4.0-3.4.1.1 Unauthenticated Authentication Bypass to Admin Account Takeover | Proof of Concept
CVE-2026-8181CRITICAL14 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
mbanyamer/CVE-2026-22553-InSAT-MasterSCADA-BUK-TS-MMadmServ
CVE-2026-22553CRITICAL14 mai 2026
InSAT MasterSCADA BUK-TS OS Command Injection
48RISCO
abrir
GitHub PoC1
CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC1
Sentebale/CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC46
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Snort 3 IDS → IPS lab on Kali. Custom detection rules + iptables enforcement against ICMP recon, Nmap SYN scans, Hydra FTP brute force, and vsftpd 2.3.4 backdoor (CVE-2011-2523).
CVE-2011-252314 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC33
Nginx Rewrite CVE Scan(CVE-2026-42945 nginx-rift CVE-2026-9256)
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
CVE-2026-31156MEDIUM13 mai 2026
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISCO
abrir
GitHub PoC
pixelotes/lab-cve-2023-4863
CVE-2023-4863HIGHsob ataque13 mai 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISCO
abrir
GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
CVE-2017-0144HIGHsob ataqueransomware13 mai 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
GitHub PoC7
🚀 CVE-2026-0073 - Android ADB Wireless Debugging Exploit (CVSS 8.8) 🔓 Zero-click authentication bypass via TLS type confusion. Gain interactive shell, execute commands, scan networks. Educational red-team tool. 🐚⚡
CVE-2026-0073HIGH13 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
copy-fail-CVE-2026-31431
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
SessionReaper-CVE-2025-54236
CVE-2025-54236CRITICALsob ataque13 mai 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
GitHub PoC
Bencodin/CVE-2026-23918-poc
CVE-2026-23918HIGH13 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
CVE-2019-905313 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
anteriorpágina 42 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.