Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC
CVE-2026-53753 — Crawl4AI <0.8.7 unauthenticated RCE (AST sandbox escape via gi_frame.f_back). Lab + PoC, verified e2e.
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
48RISCO
abrir ↗VulnCheck XDB
initial-access
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗VulnCheck XDB
initial-access
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
cve-2026-46331-audit script
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-55200 - Critical libssh2 Remote Code Execution Vulnerability
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir ↗GitHub PoC★ 21
Python Proof of Concept for DirtyClone (CVE-2026-43503) - Linux kernel LPE via page-cache corruption
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir ↗GitHub PoC
POC for CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-46817
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi
78RISCO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC★ 1
iCagenda Unauthenticated File Upload to RCE
Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
78RISCO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗VulnCheck XDB
initial-access
FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE
63RISCO
abrir ↗GitHub PoC
CVE-2026-56782 — Gorse <0.5.10 unauthenticated DB dump/restore (admin_api_key fail-open). Lab + PoC, verified e2e.
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
63RISCO
abrir ↗GitHub PoC
HutTwoThreeFour/CVE-2026-5562-Exploit
provectus kafka-ui Endpoint testexecutions validateAccess code injection
33RISCO
abrir ↗VulnCheck XDB
initial-access
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary comman
60RISCO
abrir ↗GitHub PoC
Why-Shell/CVE-2026-38751
OpenSTAManager version 2.10 and earlier contains an arbitrary file upload vulnerability in the module update functionali
41RISCO
abrir ↗GitHub PoC★ 192
CVE-2026-41940 authentication bypass vulnerability proof-of-concept
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗VulnCheck XDB
initial-access
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to
100RISCO
abrir ↗VulnCheck XDB
local
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir ↗GitHub PoC★ 2
DirtyClone - local privilege escalation (LPE) proof-of-concept targeting a kernel/XFRM-related vulnerability described in the source as CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-49048 — JoomCCK 6.4.0 Unauthenticated SQL Injection (CVSS 9.8)
Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
41RISCO
abrir ↗VulnCheck XDB
initial-access
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 5
CVE-2026-46331 — Linux Kernel Local Privilege Escalation TC pedit + IPsec TEE Page Cache Corruption · Affected kernels: ≤ 6.12.9
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir ↗GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC
Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-12485
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.