Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC1
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
CVE-2026-0257HIGHsob ataque08 jul 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)
CVE-2026-40453CRITICAL08 jul 2026
Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)
CVE-2026-40048HIGH08 jul 2026
Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
41RISCO
abrir
GitHub PoC2
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
CVE-2026-46242HIGH08 jul 2026
eventpoll: fix ep_remove struct eventpoll / struct file UAF
41RISCO
abrir
GitHub PoC
Automated exploit for Krayin CRM ≤ 2.2.x.
CVE-2026-38526CRITICAL08 jul 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
GitHub PoC
Proof of concept exploit for CVE-2026-3775/CVE-2026-3780 and CVE-2026-57239 which lets you obtain NT AUTHORITY\SYSTEM rights via the Foxit PDF Reader updater service.
CVE-2026-57239HIGH08 jul 2026
Foxit PDF Editor/Reader Local Privilege Escalation
41RISCO
abrir
GitHub PoC1
CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
CVE-2026-8206CRITICAL08 jul 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir
GitHub PoC1
CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY
CVE-2026-49777CRITICAL08 jul 2026
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir
GitHub PoC2
Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal
CVE-2026-40047CRITICAL08 jul 2026
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RISCO
abrir
GitHub PoC6
CVE-2026-43499
CVE-2026-43499HIGH08 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
CVE-2026-43499 - Draft
CVE-2026-43499HIGH08 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC3
CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.
CVE-2026-56290CRITICAL08 jul 2026
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir
GitHub PoC
zero-trace7/CVE-2026-50229
CVE-2026-50229MEDIUM08 jul 2026
Apache Tomcat: XSS in number guess example
48RISCO
abrir
GitHub PoC
Bypass Authentication
CVE-2026-48611CRITICAL07 jul 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir
GitHub PoC1
Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component
CVE-2026-36214MEDIUM07 jul 2026
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
33RISCO
abrir
GitHub PoC9
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
CVE-2026-20896CRITICAL07 jul 2026
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISCO
abrir
GitHub PoC
This is a Proof-of-Concept for the Blink CSS UAF vulnerability tracked as CVE-2026-6300.
CVE-2026-6300HIGH07 jul 2026
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code insid
41RISCO
abrir
GitHub PoC3
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
CVE-2026-42271HIGHsob ataque07 jul 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir
GitHub PoC2
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
CVE-2026-43284HIGH07 jul 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC1
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
CVE-2026-45659HIGHsob ataque07 jul 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir
GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
CVE-2026-48282CRITICAL07 jul 2026
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISCO
abrir
GitHub PoC
🐳 docker-compose 를 활용한 취약한 환경 구성 및 검증 (vulhub 한글판)
CVE-2026-40519HIGH07 jul 2026
Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
21RISCO
abrir
GitHub PoC6
CVE-2026-42980 PUBLIC EXPLOIT + RESEARCH
CVE-2026-42980HIGH07 jul 2026
NT OS Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC1
CVE-2026-39492 — WP Maps (wp-google-map-plugin) <= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs
CVE-2026-39492CRITICAL07 jul 2026
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
48RISCO
abrir
GitHub PoC2
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
CVE-2026-48908CRITICAL07 jul 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
GitHub PoC
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
CVE-2026-54350CRITICAL07 jul 2026
Budibase: Anonymous NoSQL operator injection via published-app query templates
48RISCO
abrir
GitHub PoC2
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
CVE-2026-8451HIGH07 jul 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
CVE-2026-48282CRITICAL07 jul 2026
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISCO
abrir
GitHub PoC
CVE-2026-14191 - Draft
CVE-2026-14191HIGH07 jul 2026
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
41RISCO
abrir
GitHub PoC2
Linux 内核升级指南 - 修复 CVE-2026-53359
CVE-2026-5335907 jul 2026
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.