Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC★ 6
SimpleHelp OIDC Authentication Bypass PoC
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISCO
abrir ↗VulnCheck XDB
initial-access
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir ↗GitHub PoC
BastianXploited/CVE-2026-0740-mass
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗VulnCheck XDB
remote-with-credentials
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISCO
abrir ↗GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2026-38751, affecting OpenSTAManager ≤ 2.10. The vulnerability allows an authenticated attacker to upload a malicious module via the module update functionality, leading to arbitrary file upload and remote code execution (RCE).
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir ↗GitHub PoC
DESIGN AND IMPLEMENTATION OF A VULNERABILITY SCANNER FOR CVE-2026-45498 IN MICROSOFT DEFENDER
Microsoft Defender Denial of Service Vulnerability
75RISCO
abrir ↗VulnCheck XDB
initial-access
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authenticat
98RISCO
abrir ↗VulnCheck XDB
initial-access
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
48RISCO
abrir ↗GitHub PoC
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gogs: Path Traversal in organization name results in RCE through Git hooks
48RISCO
abrir ↗GitHub PoC
CVE-2026-48907 PoC
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC
do4choo/CVE-2026-53694-NoMachine-LPE
Potential local privileges escalation through argument injection in the nxchmod.sh script
41RISCO
abrir ↗GitHub PoC
Pivotal CRM's patch for an initial deserialization vulnerability was incomplete. The fix switched from BinaryFormatter to JSON.NET but left TypeNameHandling set to 4 without implementing SerializationBinder, allowing attackers to execute arbitrary code through malicious $type payloads. Fixed in 6.6.5.10 and Patch_CWE502_20260316.zip
An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip (fixed in Pivotal CRM 6.6.5.10 a
48RISCO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗VulnCheck XDB
initial-access
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir ↗VulnCheck XDB
initial-access
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir ↗GitHub PoC
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
41RISCO
abrir ↗GitHub PoC
Safari 跨域信息读取
The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS
41RISCO
abrir ↗GitHub PoC
A flaw was found in NGINX, specifically within the ngx_http_rewrite_module. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in arbitrary code execution
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
OpenSTAManager RCE Exploit (CVE-2026-38751)
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir ↗GitHub PoC★ 8
CVE-2026-6307 PoC: Longinus - 2 Boundaries in One Bug https://nebusec.ai/research/v8-cve-2026-6307-writeup/)
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-56011-Lab
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISCO
abrir ↗GitHub PoC
emilliewatson96/spryCVE-2026-10520
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗VulnCheck XDB
client-side
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
41RISCO
abrir ↗GitHub PoC★ 48
Google Chrome CVE-2026-6307 PoC
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code
41RISCO
abrir ↗GitHub PoC
CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
41RISCO
abrir ↗GitHub PoC
Safari 跨域读取视频
A cross-origin issue was addressed with improved tracking of security origins. This issue is fixed in Safari 26.5.2, iOS
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.