Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Exploiting Parsec for Windows to gain SYSTEM privileges
CVE-2026-54424HIGH08 mai 2026
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Pri
41RISCO
abrir
GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
CVE-2026-41940CRITICALsob ataqueransomware08 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Tracking CVE-2026-43284
CVE-2026-43284HIGH08 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
CVE-2025-58434 Proof of Concept
CVE-2025-58434CRITICAL08 mai 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation
CVE-2026-33534MEDIUM08 mai 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir
GitHub PoC
Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE
CVE-2022-30190HIGHsob ataqueransomware08 mai 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Vulnerability Research and Exploit for CVE-2019-10149
CVE-2019-10149CRITICALsob ataque07 mai 2026
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISCO
abrir
GitHub PoC
CVE-2025-6440
CVE-2025-6440CRITICAL07 mai 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir
GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
CVE-2026-44590CRITICAL07 mai 2026
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RISCO
abrir
GitHub PoC
borahll/CVE-2021-21220
CVE-2021-21220HIGHsob ataque07 mai 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISCO
abrir
GitHub PoC2
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
CVE-2026-38360CRITICAL07 mai 2026
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execut
43RISCO
abrir
GitHub PoC3
One-liner Python LPE for CVE-2026-31431 (CopyFail2). No compilation, no dependencies beyond Python+OpenSSL. Just curl | python3 and get root on Linux 6.5+.
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
CVE-2026-38361HIGH07 mai 2026
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RISCO
abrir
GitHub PoC2
Math.js Expression Parser RCE
CVE-2026-40897HIGH07 mai 2026
Math.js: Unsafe object property setter in mathjs
41RISCO
abrir
GitHub PoC1
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
CVE-2026-41940CRITICALsob ataqueransomware07 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC1
Automatic script written in python for CVE-2009-3999
CVE-2009-399907 mai 2026
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to ex
60RISCO
abrir
GitHub PoC1
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise.
CVE-2026-27944CRITICAL07 mai 2026
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISCO
abrir
GitHub PoC1
CVE-2026-23918 Apache mod_http2 Double-Free Detector
CVE-2026-23918HIGH07 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC
CVE-2026-3844
CVE-2026-3844CRITICAL07 mai 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISCO
abrir
GitHub PoC
Caliburn9/CVE-2023-21716-Analysis-ICT287
CVE-2023-21716CRITICAL07 mai 2026
Microsoft Word Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
adilkurtulmus/linux-copy-fail-CVE-2026-31431
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
CVE-2026-31431 Copy Fail
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC33
CVE-2026-23631 (DarkReplica) Redis Exploit
CVE-2026-23631MEDIUM07 mai 2026
redis-server Lua use-after-free may allow remote code execution
33RISCO
abrir
GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC171
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)
CVE-2026-23870HIGH07 mai 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir
GitHub PoC
julichaan/CVE-2026-31431-python-copyfail-POC
CVE-2026-31431HIGHsob ataque07 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
FlowiseAI CVE-2025-58434 & CVE-2025-59528 exploit PoC, demonstrating unauthenticated ATO via reset token leakage, followed by authenticated RCE. Includes a reproductible Docker lab environment.
CVE-2025-58434CRITICAL07 mai 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
anteriorpágina 48 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.