Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC
Vtiger CRM 8.3.0 Authenticated RCE via .phar Upload
Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
41RISCO
abrir ↗Exploit-DB
Discuz! X5.0 - Authentication Bypass
Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗Exploit-DB
Tenable Nessus 10.12.1 - SQL Injection
SQL Injection in Nessus via Malicious Scan Result File Import
28RISCO
abrir ↗GitHub PoC★ 6
CVE-2026-42980 PUBLIC EXPLOIT + RESEARCH
NT OS Kernel Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-42271 - LiteLLM AI Gateway MCP Command Injection RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-39492 — WP Maps (wp-google-map-plugin) <= 4.9.1 Unauthenticated Blind SQL Injection Mass Scanner | sqlmap-style detection | backtick bypass esc_sql() | 100K+ installs
WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2026-11405 - Draft
Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
48RISCO
abrir ↗GitHub PoC★ 2
IOCs and a read-only triage checklist from a real Linux root compromise: RedTail miner, XorDDoS persistence, MoneroOcean miner, DirtyFrag LPE (CVE-2026-43284/43500). CC0.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Vtiger CRM 8.3.0, 8.4.0 Module Import Authenticated RCE PoC
Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
41RISCO
abrir ↗Exploit-DB
Hydra - Stack Buffer Overflow
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RISCO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISCO
abrir ↗GitHub PoC★ 2
Linux 内核升级指南 - 修复 CVE-2026-53359
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC★ 5
Complete fix collection for the CVE-2026-53359 guest-to-host escape vulnerability in the KVM/x86 shadow MMU. From zero-downtime livepatch to kernel upgrade — covers every operational scenario. / KVM/x86 shadow MMU 虚拟机逃逸漏洞(CVE-2026-53359)的完整修复方案集合。 从零停机热修复到内核升级,覆盖所有运维场景。
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-8451 - Citrix NetScaler SAML Memory Overread (CitrixBleed) - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Insufficient input validation leading to memory overread
41RISCO
abrir ↗Exploit-DB
Flowise 3.1.3 - arbitrary code execution
Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
28RISCO
abrir ↗GitHub PoC
Bypass Authentication
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-53359
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC
PoC for CVE-2026-54350 — Budibase unauthenticated NoSQL operator injection (CVSS 10.0). Read/mass-write any document collection via a PUBLIC query.
Budibase: Anonymous NoSQL operator injection via published-app query templates
48RISCO
abrir ↗GitHub PoC
CVE-2026-53359 - Draft
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-45659 - Microsoft SharePoint Deserialization RCE - PoC & Analysis | CVSS 8.8 | AMN SECURITY
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir ↗GitHub PoC
🐳 docker-compose 를 활용한 취약한 환경 구성 및 검증 (vulhub 한글판)
Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()
21RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-14762 exploit for Hotel & Tourism Reservation 1.0. Time-based blind SQL injection via /admin/rooms.php?delete. Dumps DB, tables, columns, reads files, writes webshells. Multi-threaded, proxy support, interactive shell. CVSS 7.3. Authorized testing only. By| @tc4dy
code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection
33RISCO
abrir ↗GitHub PoC
CVE-2026-14191 - Draft
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
41RISCO
abrir ↗VulnCheck XDB
initial-access
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir ↗GitHub PoC★ 9
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISCO
abrir ↗VulnCheck XDB
initial-access
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISCO
abrir ↗GitHub PoC★ 1
A17-ba/CVE-2026-51119
An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/CreateAppUser co
48RISCO
abrir ↗VulnCheck XDB
initial-access
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.