Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC1
CVE-2026-12485
CVE-2026-12485CRITICAL28 jun 2026
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
48RISCO
abrir
GitHub PoC2
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
CVE-2026-43503HIGH28 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CVE-2026-48908CRITICAL28 jun 2026
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir
GitHub PoC192
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
CVE-2026-41940CRITICALsob ataqueransomware28 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
CVE-2026-49048HIGH28 jun 2026
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RISCO
abrir
GitHub PoC
POC for CVE-2026-41179
CVE-2026-41179CRITICAL28 jun 2026
RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution
63RISCO
abrir
GitHub PoC
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
CVE-2026-23918HIGH28 jun 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC5
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
CVE-2026-46331HIGH28 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC
patched ffmpeg-tools for jellyfin to patch CVE-2026-8461 aka PixelSmash
CVE-2026-8461HIGH27 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
GitHub PoC
CVE-2026-46331 - Draft
CVE-2026-46331HIGH27 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC
SugiB3o/CVE-2026-31431
CVE-2026-31431HIGHsob ataque27 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC105
CVE-2026-43499 PoC
CVE-2026-43499HIGH27 jun 2026
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir
GitHub PoC
PoC for CVE-2026-5366: git argument injection in Prefect's GitRepository leading to RCE on the worker.
CVE-2026-5366CRITICAL27 jun 2026
Git Argument Injection in prefecthq/prefect
48RISCO
abrir
GitHub PoC1
WP Full Stripe Free <= 8.4.3 - Missing Authorization
CVE-2026-12432MEDIUM27 jun 2026
Stripe Payment Forms by WP Full Pay <= 8.4.3 - Missing Authorization to Unauthenticated Payment Record Manipulation via 'paymentIntentId' Parameter
33RISCO
abrir
GitHub PoC
CVE-2026-48907 is a CVSS 10.0 pre-auth RCE in Joomla Content Editor affecting all versions ≤ 2.9.99.4. The Grayxploit team breaks down the 3-weakness chain — missing auth, no extension validation, and an unsafe upload flag — that lets attackers pop a shell in 3 HTTP requests.
CVE-2026-48907CRITICALsob ataque27 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC7
OpenSTAManager-RCE-Exploit-CVE-2026-38751
CVE-2026-38751HIGH27 jun 2026
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir
GitHub PoC2
CVE-2026-0073-Android-ADBD-bypass-POC汉化版
CVE-2026-0073HIGH27 jun 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC56
cve-2026-48907 scanner
CVE-2026-48907CRITICALsob ataque27 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC2
Educational, defensive kit for two Linux page-cache-corruption LPEs (DirtyClone CVE-2026-43503, pedit COW CVE-2026-46331): hardening, detection, verification, seccomp + validation harness. Detection and prevention only — no exploit code. TLP:CLEAR.
CVE-2026-43503HIGH27 jun 2026
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir
GitHub PoC
Hunt-Benito/traefik-stripprefix-auth-bypass-cve-2026-48020-path-normalization
CVE-2026-48020HIGH27 jun 2026
Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
41RISCO
abrir
GitHub PoC4
CVE-2026-8461
CVE-2026-8461HIGH26 jun 2026
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir
GitHub PoC
CVE-2026-54807 WooCommerce Privilege Escalation ║ ║ Unauthenticated Admin Role Assignment via Reg. Form
CVE-2026-54807CRITICAL26 jun 2026
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
A local package installation helper trusted caller-supplied package names too much. In yeoman-environment, missing generators could be installed without user confirmation, turning attacker-controlled project metadata into a package-install and code-execution path.
CVE-2026-42089HIGH26 jun 2026
yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation
41RISCO
abrir
GitHub PoC26
CVE-2026-46331
CVE-2026-46331HIGH26 jun 2026
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir
GitHub PoC1
CVE-2026-8932
CVE-2026-8932HIGH26 jun 2026
incomplete mTLS config matching in conn reuse
41RISCO
abrir
GitHub PoC
12hrformat/CVE-2026-35273-POC
CVE-2026-35273CRITICALsob ataqueransomware26 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
GitHub PoC
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
CVE-2026-34213MEDIUM26 jun 2026
Docmost has cross-page attachment overwrite via flawed attachmentId overwrite validation
33RISCO
abrir
GitHub PoC
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
CVE-2026-34212MEDIUM26 jun 2026
Docmost page content has stored XSS via unsanitized attachment URLs
33RISCO
abrir
GitHub PoC
CVE-2026-12415-or-CVE-2026-12416.py
CVE-2026-12415CRITICAL26 jun 2026
Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter
48RISCO
abrir
GitHub PoC
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
CVE-2026-33146MEDIUM26 jun 2026
Docmost's Public Share Search Exposes Metadata of Restricted Children
33RISCO
abrir
anteriorpágina 10 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.