Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
This is a Proof-of-Concept for the Blink CSS UAF vulnerability tracked as CVE-2026-6300.
CVE-2026-6300HIGH07 jul 2026
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code insid
41RISCO
abrir
GitHub PoC
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
CVE-2026-23697HIGH07 jul 2026
Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
41RISCO
abrir
GitHub PoC3
CVE-2026-53359
CVE-2026-5335907 jul 2026
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir
GitHub PoC
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
CVE-2026-23698HIGH07 jul 2026
Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
41RISCO
abrir
GitHub PoC
Frontend File Manager Plugin (WordPress) <= 23.6 - Unauthenticated Arbitrary File Deletion to RCE
CVE-2026-12277HIGH07 jul 2026
Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal
41RISCO
abrir
GitHub PoC1
Stored Cross-Site Scripting (XSS) in osTicket via Vulnerable Bootstrap Tooltip Component
CVE-2026-36214MEDIUM07 jul 2026
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
33RISCO
abrir
GitHub PoC
CVE-2026-11405 - Draft
CVE-2026-11405CRITICAL07 jul 2026
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
48RISCO
abrir
GitHub PoC1
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
CVE-2026-14762MEDIUM07 jul 2026
code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
33RISCO
abrir
GitHub PoC1
A17-ba/CVE-2026-51119
CVE-2026-51119CRITICAL07 jul 2026
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser co
48RISCO
abrir
GitHub PoC
Exploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)
CVE-2026-38526CRITICAL06 jul 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
GitHub PoC
HTB_Nexus Penetration Test Report – Comprehensive security assessment documenting credential leakage from Gitea, CVE-2026-38526 exploitation in Krayin CRM, and privilege escalation via Gitea template sync directory traversal. Mapped to MITRE ATT&CK and NSA D3FEND frameworks with actionable remediation roadmap and full evidence appendix.
CVE-2026-38526CRITICAL06 jul 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-27172: Apache Camel camel-consul ConsulRegistry Java deserialization (RCE)
CVE-2026-27172HIGH06 jul 2026
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
41RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-33453: Apache Camel camel-coap header injection to RCE via camel-exec
CVE-2026-33453CRITICAL06 jul 2026
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
63RISCO
abrir
GitHub PoC
HTB "Abducted" write-up. Exploit CVE-2026-4480 (Samba RCE) → SMB wide links → systemd → root. Full methodology and flags.
CVE-2026-4480CRITICAL06 jul 2026
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RISCO
abrir
GitHub PoC
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value.
CVE-2026-25555CRITICAL06 jul 2026
OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header
63RISCO
abrir
GitHub PoC1
Reproducer for CVE-2026-33454: Apache Camel camel-mail header injection to RCE via camel-exec
CVE-2026-33454CRITICAL06 jul 2026
Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-40022: Apache Camel camel-platform-http-main authentication bypass on non-root context paths
CVE-2026-40022HIGH06 jul 2026
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
41RISCO
abrir
GitHub PoC20
imbas007/CVE-2026-48282
CVE-2026-48282CRITICAL06 jul 2026
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISCO
abrir
GitHub PoC
AF_ALG/splice 기반 Linux Page Cache 변조 취약점 분석 및 대응 실습
CVE-2026-31431HIGHsob ataque06 jul 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Exploitability PoC for CVE-2026-49352 (9router Hardcoded JWT Secret Authentication Bypass)
CVE-2026-49352CRITICAL06 jul 2026
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
45RISCO
abrir
GitHub PoC
Rust-based DLL hijacking loader for MobaXterm (CVE-2026-6421) with persistence
CVE-2026-6421HIGH06 jul 2026
Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path
41RISCO
abrir
GitHub PoC6
jaf0rk/CVE-2026-14382
CVE-2026-14382CRITICAL06 jul 2026
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to
48RISCO
abrir
GitHub PoC4
Pre-auth path traversal to arbitrary file delete in Avada (Fusion) Builder <= 3.15.3 leading to RCE (CVSS 9.1)
CVE-2026-8713CRITICAL05 jul 2026
Avada (Fusion) Builder <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value
48RISCO
abrir
GitHub PoC1
QNAP password reset URL injection writeup + PoC.
CVE-2025-59382LOW05 jul 2026
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
28RISCO
abrir
GitHub PoC5
Epson Printer RAW Protocol Exploit Framework
CVE-2026-39047HIGH05 jul 2026
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Prin
41RISCO
abrir
GitHub PoC
MESLIMOHAMEDM22005188/path-traversal-CVE-2026-14628
CVE-2026-14628MEDIUM05 jul 2026
NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal
33RISCO
abrir
GitHub PoC
 CVE-2026-49049 - Unauthenticated File Deletion, Arbitrary Write & XSS Injection for Helix3 Joomla Extension
CVE-2026-49049HIGH05 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISCO
abrir
GitHub PoC
Eliot-code/CVE-2026-22874-PoC
CVE-2026-22874CRITICAL05 jul 2026
Gitea webhook and migration allow-list filtering permits SSRF
48RISCO
abrir
GitHub PoC
Pre-auth Local File Inclusion in WP User Manager <= 2.9.17 via path traversal in tab parameter (CVSS 7.5)
CVE-2026-9290HIGH05 jul 2026
WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
56RISCO
abrir
GitHub PoC
Proof of Concept (PoC) for CVE-2026-49975 – HTTP/2 server memory exhaustion attack leveraging HPACK amplification and connection retention (HTTP/2 Slowloris).
CVE-2026-49975HIGH05 jul 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.