Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC★ 10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 2
Temporarily removes the root password using CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
ryan2929/CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 31
BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Unauthenticated time-based blind SQL injection PoC for VICIdial CVE-2024-8503, with metadata extraction, resumable scans, and strict safety limits.
VICIdial Unauthenticated SQL Injection
85RISCO
abrir ↗GitHub PoC★ 1
Automated detection & exploitation of critical PHP vulnerabilities (CVE-2024-4577 bypass, CVE-2025-14177, CVE-2025-14180, CVE-2025-14178)
Argument Injection in PHP-CGI
100RISCO
abrir ↗GitHub PoC
dinhthihanhle1989-max/CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISCO
abrir ↗GitHub PoC
Escaneo de vulnerabilidades, análisis de tráfico con Wireshark y explotación controlada del CVE-2011-2523 (vsftpd 2.3.4) en entorno de red segura.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC★ 433
Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Wise-Security/CVE-2026-38945
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary cod
41RISCO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56537
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute
33RISCO
abrir ↗GitHub PoC★ 1
POC for CVE-2026-39816 which allows NiFi users without execute code permissions to run arbitrary scripts
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
21RISCO
abrir ↗GitHub PoC★ 7
Time-based SQL injection PoC for CVE-2024-51482 in ZoneMinder, with reproducible Docker lab and automated data extraction.
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir ↗GitHub PoC
B1gN0Se/PwnKit_CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56534
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers t
33RISCO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56536
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scri
33RISCO
abrir ↗GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56535
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or
33RISCO
abrir ↗GitHub PoC
Esta falla permite a un atacante remoto y sin ningún tipo de autenticación acceder directamente a los tickets de soporte, casos internos y a todos sus archivos adjuntos confidenciales. Al iterar y descargar de forma automatizada los registros de Aranda, dejando la información sensible expuesta a una exfiltración masiva.
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs w
41RISCO
abrir ↗GitHub PoC
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC★ 1
melikesraoz/cve-2022-39227-jwt-auth-bypass-demo
Python-jwt subject to Authentication Bypass by Spoofing
48RISCO
abrir ↗GitHub PoC
kaleth4/CVE-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
Analysis and PoC for CVE-2018-14847, MikroTik RouterOS Winbox information disclosure vulnerability allowing unauthenticated read access to the credential database.
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISCO
abrir ↗GitHub PoC
Multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) discovered in diskover-community including CSRF and XSS vulnerabilities with proof-of-concept and impact analysis.
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker
41RISCO
abrir ↗GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir ↗GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.