Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)
CVE-2026-23870HIGH13 mai 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir
GitHub PoC7
🚀 CVE-2026-0073 - Android ADB Wireless Debugging Exploit (CVSS 8.8) 🔓 Zero-click authentication bypass via TLS type confusion. Gain interactive shell, execute commands, scan networks. Educational red-team tool. 🐚⚡
CVE-2026-0073HIGH13 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
Reproduced the fileless LPE CVE‑2026‑31431 (“Copy Fail”) on Kali Linux, then built auditd, Sigma & YARA detections to catch this stealthy kernel exploit that leaves no disk footprint.
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
SessionReaper-CVE-2025-54236
CVE-2025-54236CRITICALsob ataque13 mai 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
GitHub PoC3
A Bash implementation of copyfail (CVE-2026-31431)
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
CVE-2026-31156MEDIUM13 mai 2026
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISCO
abrir
GitHub PoC254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
CVE-2026-40369HIGH13 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
pixelotes/lab-cve-2023-4863
CVE-2023-4863HIGHsob ataque13 mai 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISCO
abrir
GitHub PoC
CVE-2026-41729 PoC
CVE-2026-41729HIGH13 mai 2026
Spring Data REST SpEL Injection via Map Key in JSON Patch
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-33626-Lab
CVE-2026-33626HIGH13 mai 2026
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
68RISCO
abrir
GitHub PoC
this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431) (CopyFail fix)
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
OOB verifier for GHSA-c4j6-fc7j-m34r / CVE-2026-44578 (Next.js WebSocket-upgrade SSRF)
CVE-2026-44578HIGH13 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
CVE-2019-905313 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC3
masjadaan/CVE-2025-29338
CVE-2025-29338MEDIUM13 mai 2026
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buff
33RISCO
abrir
GitHub PoC
CVE-2026-0001. Do with your own risk
CVE-2026-23760CRITICALsob ataqueransomware13 mai 2026
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
100RISCO
abrir
GitHub PoC
Bencodin/CVE-2026-23918-poc
CVE-2026-23918HIGH13 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC
copy-fail-CVE-2026-31431
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
rootdirective-sec/CVE-2026-5718-Lab
CVE-2026-5718HIGH12 mai 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
GitHub PoC
CVE-2023-4220 — Unauthenticated file upload RCE in Chamilo LMS ≤ 1.11.24. OSCP-style and auto exploit.
CVE-2023-4220HIGH12 mai 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir
GitHub PoC
lamaper/CVE-2026-52200
CVE-2026-52200CRITICAL12 mai 2026
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax
28RISCO
abrir
GitHub PoC29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
CVE-2026-3609MEDIUM12 mai 2026
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RISCO
abrir
GitHub PoC882
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL12 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Working POC of CVE-2026-6664 written by Sonnet 4.6
CVE-2026-6664HIGH12 mai 2026
PgBouncer integer overflow in PgBouncer network packet parsing
41RISCO
abrir
GitHub PoC20
azefzafyoussef/CVE-2026-34621
CVE-2026-34621HIGHsob ataque12 mai 2026
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RISCO
abrir
GitHub PoC1
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
CVE-2026-31431HIGHsob ataque12 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
CVE-2026-45321CRITICALsob ataqueransomware12 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
CVE-2026-31431HIGHsob ataque12 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
CVE-2026-31431HIGHsob ataque12 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
cve-2024-21413
CVE-2024-21413CRITICALsob ataque12 mai 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
CVE-2024-28397MEDIUM12 mai 2026
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir
anteriorpágina 43 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.