Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC★ 154
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC★ 44
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗GitHub PoC
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
Vite: `server.fs.deny` bypass on Windows alternate paths
41RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-53359漏洞补丁
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC
CVE-2026-50746... - Draft
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Conne
48RISCO
abrir ↗GitHub PoC
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
Apache APISIX: Authentication bypass in jwe-decrypt
33RISCO
abrir ↗GitHub PoC
CVE-2026-43499 - Draft
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗GitHub PoC★ 2
Reproducer for CVE-2026-40047: Apache Camel camel-docling CLI argument injection / path traversal
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RISCO
abrir ↗GitHub PoC★ 1
Blocking the DirtyFrag Linux LPE chain (CVE-2026-43284 / CVE-2026-43500) at runtime with a Cilium Tetragon TracingPolicy
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Automated exploit for Krayin CRM ≤ 2.2.x.
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir ↗Exploit-DB
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-56290 - Mass Exploit for Joomla Com_pagebuilderck component (Unrestricted File Upload → RCE). Multi-threaded, automatic CSRF bypass, PHP shell uploader.
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 11
Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
41RISCO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40453: Apache Camel case-variant Camel header injection (incomplete fix of CVE-2025-27636)
Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
48RISCO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40048: Apache Camel camel-pqc FileBasedKeyLifecycleManager unsafe deserialization (RCE)
Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
41RISCO
abrir ↗VulnCheck XDB
initial-access
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISCO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
48RISCO
abrir ↗GitHub PoC★ 6
CVE-2026-43499
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗Exploit-DB
Krayin CRM v2.2.x - Authenticated Remote Code Execution
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir ↗GitHub PoC
Proof of concept exploit for CVE-2026-3775/CVE-2026-3780 and CVE-2026-57239 which lets you obtain NT AUTHORITY\SYSTEM rights via the Foxit PDF Reader updater service.
Foxit PDF Editor/Reader Local Privilege Escalation
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-8206 - Kirki WordPress Plugin Unauthenticated Account Takeover - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir ↗GitHub PoC★ 2
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
eventpoll: fix ep_remove struct eventpoll / struct file UAF
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-49777 - WooCommerce Product Slider Pro Malicious Software Implantation RCE - PoC & Analysis | CVSS 10.0 CRITICAL | AMN SECURITY
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.