Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC1
Proof of concept for CVE-2026-36027 and CVE-2026-36028
CVE-2026-36027MEDIUM02 jul 2026
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via
33RISCO
abrir
GitHub PoC1
kaleth4/CVE-2026-20896
CVE-2026-20896CRITICAL02 jul 2026
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RISCO
abrir
GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
CVE-2026-38751HIGH02 jul 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC
Hunt-Benito/llama-factory-webui-rce-cve-2026-58116-trust-remote-code-model-path-injection
CVE-2026-58116CRITICAL02 jul 2026
LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
48RISCO
abrir
GitHub PoC
Crawl4AI <= 0.8.6 pre-auth RCE via AST sandbox escape (gi_frame.f_back.f_builtins chain) — CVSS 10.0
CVE-2026-53753CRITICAL02 jul 2026
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISCO
abrir
GitHub PoC
BastianXploited/CVE-2026-0740-mass
CVE-2026-0740CRITICAL02 jul 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC6
SimpleHelp OIDC Authentication Bypass PoC
CVE-2026-48558CRITICAL02 jul 2026
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISCO
abrir
GitHub PoC
CVE-2026-54477: Admin Panel Missing Security Headers (clickjacking/XSS) - Gardyn (ICSA-26-183-03)
CVE-2026-54477MEDIUM02 jul 2026
Gardyn IoT Hub Improper Neutralization of HTTP Headers for Scripting Syntax
33RISCO
abrir
GitHub PoC
DESIGN AND IMPLEMENTATION OF A VULNERABILITY SCANNER FOR CVE-2026-45498 IN MICROSOFT DEFENDER
CVE-2026-45498MEDIUMsob ataque02 jul 2026
Microsoft Defender Denial of Service Vulnerability
75RISCO
abrir
GitHub PoC
CVE-2026-13768: Privileged iothubowner IoT Hub credential — fleet enumeration, device RCE, home-network pivot — Gardyn (ICSA-26-183-03)
CVE-2026-13768CRITICAL02 jul 2026
Gardyn IoT Hub Use of Hard-coded Credentials
48RISCO
abrir
GitHub PoC
Gogs has Path Traversal in organization name that results in RCE through Git hooks
CVE-2026-52813CRITICAL02 jul 2026
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISCO
abrir
GitHub PoC
kaleth4/CVE-2026-55200
CVE-2026-55200CRITICAL02 jul 2026
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir
GitHub PoC
Gorse < 0.5.10 contains an authentication bypass caused by empty admin_api_key in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty admin_api_key configuration.
CVE-2026-56782CRITICAL02 jul 2026
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RISCO
abrir
GitHub PoC
pedit COW
CVE-2026-46331HIGH01 jul 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC
emilliewatson96/spryCVE-2026-10520
CVE-2026-10520CRITICAL01 jul 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC8
CVE-2026-6307 PoC: Longinus - 2 Boundaries in One Bug https://nebusec.ai/research/v8-cve-2026-6307-writeup/)
CVE-2026-6307HIGH01 jul 2026
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir
GitHub PoC
Safari 跨域信息读取
CVE-2026-43735HIGH01 jul 2026
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-56011-Lab
CVE-2026-56011HIGH01 jul 2026
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISCO
abrir
GitHub PoC
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
CVE-2026-55488HIGH01 jul 2026
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
41RISCO
abrir
GitHub PoC48
Google Chrome CVE-2026-6307 PoC
CVE-2026-6307HIGH01 jul 2026
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir
GitHub PoC
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
CVE-2026-42945CRITICAL01 jul 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Pivotal CRM's patch for an initial deserialization vulnerability was incomplete. The fix switched from BinaryFormatter to JSON.NET but left TypeNameHandling set to 4 without implementing SerializationBinder, allowing attackers to execute arbitrary code through malicious $type payloads. Fixed in 6.6.5.10 and Patch_CWE502_20260316.zip
CVE-2026-51947CRITICAL01 jul 2026
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 a
48RISCO
abrir
GitHub PoC
OpenSTAManager RCE Exploit (CVE-2026-38751)
CVE-2026-38751HIGH01 jul 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC
CVE-2026-48907 PoC
CVE-2026-48907CRITICALsob ataque01 jul 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
do4choo/CVE-2026-53694-NoMachine-LPE
CVE-2026-53694HIGH01 jul 2026
Potential local privileges escalation through argument injection in the nxchmod.sh script
41RISCO
abrir
GitHub PoC
CVE-2026-58138 — Conductor (3.21.21..<3.30.2) unauthenticated RCE via INLINE GraalVM evaluator (HostAccess.ALL). Lab + PoC, verified e2e (root).
CVE-2026-58138CRITICAL30 jun 2026
Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
48RISCO
abrir
GitHub PoC2
Citrix NetScaler CVE Preconditions Checker as per CTX696604 | Supported CVE : CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474
CVE-2026-8451HIGH30 jun 2026
Insufficient input validation leading to memory overread
41RISCO
abrir
GitHub PoC
Kestra Auth-Bypass Vulnerability Checker
CVE-2026-49869CRITICAL30 jun 2026
Kestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`
48RISCO
abrir
GitHub PoC
CVE-2026-56121 — Feast <0.63.0 unauthenticated RCE via gRPC registry dill.loads of OnDemandFeatureView UDF (pre-auth). Lab + PoC, verified e2e.
CVE-2026-56121CRITICAL30 jun 2026
Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
48RISCO
abrir
GitHub PoC
POC for CVE-2026-48907
CVE-2026-48907CRITICALsob ataque30 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.