Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.002exploits catalogados
31.582CVEs com exploração pública
13.048 exploits
GitHub PoC
CVE-2026-8181 — Burst Statistics WordPress plugin Authentication Bypass (CVSS 9.8) to Admin Account Takeover. Mass scanner with FOFA/Shodan integration and modern GUI.
CVE-2026-8181CRITICAL14 jul 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC3
Vulnerability analysis and Proof of Concept (PoC) for CVE-2026-43499 affecting Xiaomi devices. For educational and research purposes only.
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46457 — Apache Camel camel-nats inbound header injection (Camel control-header injection via a NATS publisher; CamelHttpUri -> SSRF)
CVE-2026-46457HIGH14 jul 2026
Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
41RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46584: Apache Camel camel-mail mail.smtp.* header injection enabling credential theft via on-path SOCKS interception (fixed in 4.14.8/4.18.3/4.21.0)
CVE-2026-46584LOW14 jul 2026
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
28RISCO
abrir
GitHub PoC1
本次个人漏洞研究进展成果
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
JohannesLks/CVE-2026-50338
CVE-2026-50338HIGH14 jul 2026
Azure Spring Apps Elevation of Privilege Vulnerability
38RISCO
abrir
GitHub PoC
Bartixxx32/CVE-2026-43499-OnePlus15
CVE-2026-43499HIGH14 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
OPPO Find X6 Pro GhostLock (CVE-2026-43499) exploit adaptation
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
Admin-only terminal bootstrap routes checked only for login state, which let a normal team member drive Coolify's realtime terminal backend and execute commands on team servers.
CVE-2026-34048CRITICAL13 jul 2026
Coolify: Missing authorization on terminal websocket bootstrap routes allows low-privileged members to execute commands on team servers
48RISCO
abrir
GitHub PoC1
CVE-2026-6307 - Google Chrome V8 Turbofan Type Confusion Sandbox Escape - PoC & Analysis | CVSS 8.8 HIGH | AMN SECURITY
CVE-2026-6307HIGH13 jul 2026
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir
GitHub PoC
1beelze/CVE-2026-5118
CVE-2026-5118CRITICAL13 jul 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-43867 — Apache Camel camel-pqc AwsSecretsManagerKeyLifecycleManager unsafe key-metadata deserialization (RCE)
CVE-2026-43867CRITICAL13 jul 2026
Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46456 — Apache Camel camel-aws2-sqs inbound message-attribute header injection (Camel control-header injection via sqs:SendMessage → downstream producer steering / RCE)
CVE-2026-46456CRITICAL13 jul 2026
Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46455 — Apache Camel camel-keycloak missing TokenVerifier.IS_ACTIVE check (expired access tokens accepted)
CVE-2026-46455CRITICAL13 jul 2026
Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46454 — Apache Camel camel-cometd inbound Bayeux header injection (unauthenticated Camel control-header injection → downstream producer steering / RCE)
CVE-2026-46454CRITICAL13 jul 2026
Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
48RISCO
abrir
GitHub PoC11
CVE-2026-43724 - Apple's published enough advisories about the issue, I'm not getting paid for any of my kernel bugs.
CVE-2026-43724HIGH13 jul 2026
The issue was addressed with improved input sanitization. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tah
41RISCO
abrir
GitHub PoC1
Mendeteksi versi (passive detection) & Exploitation CVE POC
CVE-2026-56291CRITICALsob ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISCO
abrir
GitHub PoC
CVE-2026-49049 Helix3 (JoomShaper) Joomla Unauthenticated AJAX RCE Scanner
CVE-2026-49049HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISCO
abrir
GitHub PoC
CVE-2026-53805 - Draft
CVE-2026-53805CRITICAL13 jul 2026
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API
48RISCO
abrir
GitHub PoC1
CVE-2026-46529 - Atril Evince XReader PDF Clickable Link RCE - PoC & Analysis | CVSS 7.8 HIGH | AMN SECURITY
CVE-2026-46529HIGH13 jul 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISCO
abrir
GitHub PoC1
CVE-2026-48907 - Joomla JCE Editor Unauthenticated RCE - PoC & Analysis | CVSS 9.8 CRITICAL | AMN SECURITY
CVE-2026-48907CRITICALsob ataque13 jul 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC1
Android version CVE-2026-43499 tester
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC3
(Hopefully) A tool to root for (most) Android devices through CVE-2026-43499
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
nuclei template for CVE-2026-56291
CVE-2026-56291CRITICALsob ataque13 jul 2026
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
78RISCO
abrir
GitHub PoC2
Multi OS Support: Version for MacOS/Linux and Windows, Fully translated to English
CVE-2026-43499HIGH13 jul 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC1
CVE-2026-36214 - osTicket Stored XSS via Bootstrap Tooltip - PoC & Analysis | CVSS 8.7 HIGH | AMN SECURITY
CVE-2026-36214MEDIUM13 jul 2026
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable
30RISCO
abrir
GitHub PoC3
Unauthenticated Arbitrary File/Folder Deletion in Joomla Helix Ultimate (JoomShaper) <= 2.2.6 — CVE-2026-57830
CVE-2026-57830HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7
41RISCO
abrir
GitHub PoC3
Unauthenticated Stored XSS in Joomla Helix Ultimate (JoomShaper) <= 2.2.6
CVE-2026-57829HIGH13 jul 2026
Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7
41RISCO
abrir
GitHub PoC1
CVE-2026-40047 - Apache Camel Docling CLI Argument Injection - PoC & Analysis | CVSS 9.1 CRITICAL | AMN SECURITY
CVE-2026-40047CRITICAL13 jul 2026
Apache Camel: Camel-Docling: Insufficient validation of custom CLI arguments enables argument injection and path traversal in DoclingProducer
48RISCO
abrir
GitHub PoC
Reproducer for CVE-2026-46453 — Apache Camel camel-elasticsearch-rest-client unprefixed-header injection (operation/query override via inbound HTTP headers)
CVE-2026-46453MEDIUM13 jul 2026
Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation
33RISCO
abrir
página 1 / 435próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.