Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
Semgrep rules that flag header-trust auth bypass patterns (CVE-2025-29927 class). Companion to bk-security.github.io.
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-29000 – pac4j-jwt Authentication Bypass (🔥 CVSS 10.0). One-click admin forge via public key JWE wrapping. Leaks configs, users, secrets. Keep-alive, proxy, custom JWKS.⚙️ Educational PoC Exploit tool.
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir ↗GitHub PoC★ 1
oen liner CVE-2026-31431 test. Created 'sandbox' on sudo user and tests if ir can escape to root
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CVE-2023-4220 — Unauthenticated file upload RCE in Chamilo LMS ≤ 1.11.24. OSCP-style and auto exploit.
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir ↗GitHub PoC★ 1
rootdirective-sec/CVE-2026-5718-Lab
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir ↗GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
A CVE-2026-31431 implementation in c++ and inline assembly dependency free
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CSRF (Cross-Site Request Forgery) vulnerability in gpEasy 1.5-16.3
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac
23RISCO
abrir ↗GitHub PoC★ 20
azefzafyoussef/CVE-2026-34621
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RISCO
abrir ↗GitHub PoC
Are you get Tanstack Supply chain attack attack of 5/11? CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC
SSTI contact form to rce
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RISCO
abrir ↗GitHub PoC★ 68
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RISCO
abrir ↗GitHub PoC
Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Proof of concept of CVE-2026-8161 (Multiparty)
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception
21RISCO
abrir ↗GitHub PoC★ 1
This project is a cybersecurity research and analysis project focused on CVE-2023-38831, a critical WinRAR vulnerability that allows attackers to execute malicious code through specially crafted archive files. The project was conducted in a controlled lab environment for educational and defensive security purposes only.
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a
100RISCO
abrir ↗GitHub PoC★ 1
Exploit for CVE-2026-31431 (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RISCO
abrir ↗GitHub PoC
CVE-2026-6274 - Redline WR3200 Broken Authentication
Authentication Bypass in DTS Electronics' Redline WR3200
28RISCO
abrir ↗GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC★ 29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir ↗GitHub PoC
CVE-2026-40987 PoC
Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
41RISCO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10288-AUTH-BYPASS
code-projects Hotel and Tourism Reservation System Admin Login login.php password_verify improper authentication
33RISCO
abrir ↗GitHub PoC
CVE-2026-42569
phpvms: /importer authorization bypass causing full database wipe
43RISCO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10289-XSS
code-projects Hotel and Tourism Reservation System tour.php cross site scripting
33RISCO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-10290-SQLI
code-projects Hotel and Tourism Reservation System GET Parameter tour.php sql injection
33RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-31431 - Linux Kernel Page Cache Vulnerability
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.