Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
Exploiting Parsec for Windows to gain SYSTEM privileges
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Pri
41RISCO
abrir ↗GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
Tracking CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
CVE-2025-58434 Proof of Concept
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir ↗GitHub PoC
Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
Vulnerability Research and Exploit for CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message(
100RISCO
abrir ↗GitHub PoC
CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗GitHub PoC
CVE-2026-44590 - Sherlock <= v0.16.0 - RCE via pull_request_target Injection → Supply Chain Compromise
Sherlock: Command Injection via pull_request_target in validate_modified_targets.yml
28RISCO
abrir ↗GitHub PoC
borahll/CVE-2021-21220
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISCO
abrir ↗GitHub PoC★ 2
Advisory: CVE-2026-38360 path traversal (CWE-22) in dash-uploader (Python/PyPI)
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execut
43RISCO
abrir ↗GitHub PoC★ 3
One-liner Python LPE for CVE-2026-31431 (CopyFail2). No compilation, no dependencies beyond Python+OpenSSL. Just curl | python3 and get root on Linux 6.5+.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Advisory: CVE-2026-38361 multiple DoS vulnerabilities (CWE-400/CWE-670) in dash-uploader (Python/PyPI)
Multiple unauthenticated denial-of-service (DoS) issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-u
36RISCO
abrir ↗GitHub PoC★ 2
Math.js Expression Parser RCE
Math.js: Unsafe object property setter in mathjs
41RISCO
abrir ↗GitHub PoC★ 1
cve-2026-41940 cPanel/WHM Authentication Bypass - Detection Artifact Generator
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC★ 1
Automatic script written in python for CVE-2009-3999
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to ex
60RISCO
abrir ↗GitHub PoC★ 1
HTB Snapped — Hard Linux machine writeup. CVE-2026-27944 (Nginx UI unauthenticated backup disclosure) chained with CVE-2026-3888 (snapd race condition LPE) to achieve full system compromise.
Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure
68RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-23918 Apache mod_http2 Double-Free Detector
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir ↗GitHub PoC
CVE-2026-3844
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISCO
abrir ↗GitHub PoC
Caliburn9/CVE-2023-21716-Analysis-ICT287
Microsoft Word Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC
adilkurtulmus/linux-copy-fail-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CVE-2026-31431 (Copy Fail) novel exploit: live code corruption via page cache. Overwrites libc exit() code through MAP_PRIVATE page sharing — affects ALL running processes.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Discovery and original disclosure of CVE-2026-31431: Theori / Xint. Public writeup: https://copy.fail/.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-31431 Copy Fail
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 33
CVE-2026-23631 (DarkReplica) Redis Exploit
redis-server Lua use-after-free may allow remote code execution
33RISCO
abrir ↗GitHub PoC
CVE-2026-31431, AKA Copy Fail, can be mitigated in one-line with bpftrace
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
abdelkabirouadoukou/CVE-2026-31431-Analysis-and-Fix
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 171
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir ↗GitHub PoC
julichaan/CVE-2026-31431-python-copyfail-POC
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
FlowiseAI CVE-2025-58434 & CVE-2025-59528 exploit PoC, demonstrating unauthenticated ATO via reset token leakage, followed by authenticated RCE. Includes a reproductible Docker lab environment.
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.