Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.163exploits catalogados
31.687CVEs com exploração pública
0testados em laboratório
13.134 exploits
GitHub PoC
Exploit Windows server 2019 vulnerable to Zerologon with Garble, Chisel, wp-file-manager vulnerability (have video demo)
CVE-2020-25213CRITICALsob ataque10 mai 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-42208-Lab
CVE-2026-42208CRITICALsob ataque10 mai 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC
Educational Proof of Concept for CVE-2026-31431 / Copy Fail Linux local privilege escalation via AF_ALG algif_aead
CVE-2026-31431HIGHsob ataque10 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Threat intelligence brief on CVE-2026-42208, a critical pre-auth SQL injection in BerriAI LiteLLM exploited within 36 hours of disclosure. Covers attack path, detection opportunities, and recommended actions.
CVE-2026-42208CRITICALsob ataque10 mai 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
GitHub PoC27
arm64/aarch64 port of V4bel/dirtyfrag (CVE-2026-43284). ESP-only - rxrpc path kernel-oopses on arm64 due to flush_dcache_page
CVE-2026-43284HIGH10 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
ryan2929/CVE-2026-43284-
CVE-2026-43284HIGH10 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
A temporary mitigation against copy_fail variant (copyfail2_electric_boogaloo) - Unprivileged Linux LPE via xfrm ESP-in-UDP MSG_SPLICE_PAGES no-COW fast path. Page-cache write into any readable file. Overwrites a nologin line in /etc/passwd with sick::0:0:…:/:/bin/bash and sus into it. Same class as Copy Fail (CVE-2026-31431), different subsystem.
CVE-2026-31431HIGHsob ataque10 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Kernel patches for Dirty Frag vulnerability (CVE-2026-43284, CVE-2026-43500)
CVE-2026-43284HIGH09 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC7
Read-only checker for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) Linux kernel local-root vulns
CVE-2026-43284HIGH09 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
kaleth4/CVE-2026-32746
CVE-2026-32746CRITICAL09 mai 2026
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption
53RISCO
abrir
GitHub PoC
Proof-of-concept exploits for CVE-2026-4390, CVE-2026-4391 and CVE-2026-4392 in TeamSpeak 3 server (3.13.7).
CVE-2026-4390MEDIUM09 mai 2026
TeamSpeak 3 Server Connection State Management process_resend_queue use after free
33RISCO
abrir
GitHub PoC
This script will attempt to mitigate the copy_fail attack. CVE-2026-31431
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
A bash script for mitigating linux dirtyfrag exploit CVE-2026-43500, and fragnesia
CVE-2026-43500HIGH09 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
GitHub PoC1
This repository provides a reproduction environment for CVE-2026-44656.
CVE-2026-44656MEDIUM09 mai 2026
Vim: OS Command Injection via 'path' completion
13RISCO
abrir
GitHub PoC
CVE-2026-7270 FreeBSD local privilege escalation via exec_args_adjust_args OOB memmove
CVE-2026-7270HIGH09 mai 2026
Local privilege escalation via execve()
21RISCO
abrir
GitHub PoC3
Read-only checker for CVE-2026-31431 (algif_aead local root). Reports kernel/module state and suggests mitigations.
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Educational cybersecurity project demonstrating exploitation and mitigation of CVE-2020-25213 (WordPress File Manager Plugin RCE). Includes malware simulation, VAPT analysis, and security patch implementation in a controlled lab environment.
CVE-2020-25213CRITICALsob ataque09 mai 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
GitHub PoC
Black-box penetration test on Metasploitable 2 — Identified 3 critical vulnerabilities including CVE-2011-2523. Conducted in isolated VMware lab. Tools: Nmap, Metasploit, Netcat.
CVE-2011-252309 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC2
CVE-2026-21510 LNK generator PoC
CVE-2026-21510HIGHsob ataque09 mai 2026
Windows Shell Security Feature Bypass Vulnerability
76RISCO
abrir
GitHub PoC2
CVE-2020-14008 - ManageEngine Applications Manager RCE
CVE-2020-1400809 mai 2026
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in
35RISCO
abrir
GitHub PoC
Hunt-Benito/copy-fail-cve-2026-31431-linux-kernel-page-cache-lpe
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Elegant C++ exploit for CVE-2026-31431 (Copy Fail) using AF_ALG authenticated encryption + splice(2) to overwrite setuid binary memory
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2020-1938 Exploit
CVE-2020-1938CRITICALsob ataque09 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
Helios973/CVE-2026-31431_exp.c
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
CVE-2026-0073 - ADB Wireless Mutual Authentication Bypass PoC
CVE-2026-0073HIGH09 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
Defensive exposure assessment tool for identifying externally accessible cPanel, WHM, and Webmail management interfaces related to CVE-2026-41940.
CVE-2026-41940CRITICALsob ataqueransomware09 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
CVE-2026-41940CRITICALsob ataqueransomware08 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Sidjaz/CrushFTP-CVE-2024-4040-Proof-of-Concept
CVE-2024-4040CRITICALsob ataque08 mai 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISCO
abrir
GitHub PoC
A fully refactored, Python 3 compatible exploit script for Tomcat Ghostcat (CVE-2020-1938 / CNVD-2020-10487) AJP Local File Inclusion
CVE-2020-1938CRITICALsob ataque08 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 mai 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RISCO
abrir
anteriorpágina 46 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.