Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.116exploits catalogados
31.651CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC★ 29
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir ↗GitHub PoC
Dirtyfrag CVE-2026-43284 & CVE-2026-43500 Scanner
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Lab testing documentation for CVE-2026-31431 (Copy Fail) Linux kernel LPE
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
PoC for CVE-2026-8023: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Path traversal in Zephyr HTTP server static-filesystem resource handler allows unauthenticated remote arbitrary file read
41RISCO
abrir ↗GitHub PoC
CVE-2026-41940 — cPanel/WHM Auth Bypass By Dr.Anach, CRLF injection in `cpsrvd` Basic auth handler → unauthenticated WHM API access → RCE as root. All cPanel since v11.40 affected.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
EspoCRM 9.3.3 - Stored HTML Injection in Email Notifications
EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field
13RISCO
abrir ↗GitHub PoC
CVE-2026-42569
phpvms: /importer authorization bypass causing full database wipe
43RISCO
abrir ↗GitHub PoC★ 5
Crihexe/v8-poc-CVE-2026-5865
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside
21RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-42208-Lab
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir ↗GitHub PoC
kaleth4/CVE-2026-7482
Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers
21RISCO
abrir ↗GitHub PoC★ 2
cPanelSniper STABLE - CVE-2026-41940 optimized for 10M+ targets
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
Форензика после CVE-2026-41940 (cPanel/WHM) — bash-скрипт и чек-лист
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
Threat intelligence brief on CVE-2026-42208, a critical pre-auth SQL injection in BerriAI LiteLLM exploited within 36 hours of disclosure. Covers attack path, detection opportunities, and recommended actions.
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir ↗GitHub PoC
Exploit Windows server 2019 vulnerable to Zerologon with Garble, Chisel, wp-file-manager vulnerability (have video demo)
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir ↗GitHub PoC
Educational Proof of Concept for CVE-2026-31431 / Copy Fail Linux local privilege escalation via AF_ALG algif_aead
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
ryan2929/CVE-2026-43284-
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
A temporary mitigation against copy_fail variant (copyfail2_electric_boogaloo) - Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:…:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Technical analysis of the LangChain serialization injection vulnerability CVE-2025-68664.
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
53RISCO
abrir ↗GitHub PoC★ 27
arm64/aarch64 port of V4bel/dirtyfrag (CVE-2026-43284). ESP-only - rxrpc path kernel-oopses on arm64 due to flush_dcache_page
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
CVE-2026-20131
Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability
83RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-21510 LNK generator PoC
Windows Shell Security Feature Bypass Vulnerability
76RISCO
abrir ↗GitHub PoC
kaleth4/CVE-2026-32746
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption
53RISCO
abrir ↗GitHub PoC★ 3
Read-only checker for CVE-2026-31431 (algif_aead local root). Reports kernel/module state and suggests mitigations.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Kernel patches for Dirty Frag vulnerability (CVE-2026-43284, CVE-2026-43500)
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Hunt-Benito/copy-fail-cve-2026-31431-linux-kernel-page-cache-lpe
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Black-box penetration test on Metasploitable 2 — Identified 3 critical vulnerabilities including CVE-2011-2523. Conducted in isolated VMware lab. Tools: Nmap, Metasploit, Netcat.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
Elegant C++ exploit for CVE-2026-31431 (Copy Fail) using AF_ALG authenticated encryption + splice(2) to overwrite setuid binary memory
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Proof-of-concept exploits for CVE-2026-4390, CVE-2026-4391 and CVE-2026-4392 in TeamSpeak 3 server (3.13.7).
TeamSpeak 3 Server Connection State Management process_resend_queue use after free
33RISCO
abrir ↗GitHub PoC★ 7
Read-only checker for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) Linux kernel local-root vulns
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Helios973/CVE-2026-31431_exp.c
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.