Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC3
🔥 CVE-2026-41091 SolarFlare | Microsoft Defender LPE exploit. Low-privileged users gain NT AUTHORITY\SYSTEM via Cloud Files API + NTFS junction trickery. Forces Defender to write malicious payloads to System32 with SYSTEM rights. ⚠️ Actively exploited in wild. CVSS 7.8. Patch: Defender Engine 1.1.26040.8. 🛡️ Educational PoC only.
CVE-2026-41091HIGHsob ataque20 jun 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC2
Missing Authorization to Unauthenticated File Modification
CVE-2026-11912HIGH20 jun 2026
Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action
41RISCO
abrir
GitHub PoC
Time-Based Blind SQL Injection tool for MySQL - CVE-2019-9053
CVE-2019-905320 jun 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC
Technical analysis of Apache Tomcat CVE-2024-50379, covering root cause, exploitation conditions, detection strategies, and mitigation techniques.
CVE-2024-50379CRITICAL20 jun 2026
Apache Tomcat: RCE due to TOCTOU issue in JSP compilation
60RISCO
abrir
GitHub PoC
aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation
CVE-2023-46604CRITICALsob ataqueransomware20 jun 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir
GitHub PoC
PoC for CVE-2022-0543 – Redis Remote Code Execution (RCE)
CVE-2022-0543CRITICALsob ataque19 jun 2026
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific
100RISCO
abrir
GitHub PoC
CVE-2026-42055 - Draft
CVE-2026-42055CRITICAL19 jun 2026
NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-42530 - Draft
CVE-2026-42530CRITICAL19 jun 2026
NGINX Open-Source ngx_http_v3_module vulnerability
48RISCO
abrir
GitHub PoC4
Scanner PoC for CVE-2026-42530 -- nginx 1.31.0-1.31.1 HTTP/3 QPACK encoder stream Use-After-Free (CVSS 9.2)
CVE-2026-42530CRITICAL19 jun 2026
NGINX Open-Source ngx_http_v3_module vulnerability
48RISCO
abrir
GitHub PoC1
Unauthenticated Privilege Escalation via Account Takeover
CVE-2026-11551CRITICAL19 jun 2026
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISCO
abrir
GitHub PoC2
CVE-2026-10520 - CVE-2026-10523 - Ivanti Sentry
CVE-2026-10523CRITICAL19 jun 2026
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allow
60RISCO
abrir
GitHub PoC
AlexMihailEngineer/CVE-2026-11784-Optimole-CSRF
CVE-2026-11784MEDIUM19 jun 2026
Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action
33RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-54761-poc
CVE-2026-54761MEDIUM19 jun 2026
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
33RISCO
abrir
GitHub PoC
CVE-2026-7515: BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion TO RCE EXPLOİT
CVE-2026-7515CRITICAL19 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISCO
abrir
GitHub PoC
CVE-2026-48611- authentication bypass in phpBB
CVE-2026-48611CRITICAL19 jun 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir
GitHub PoC2
POC for CVE-2026-25212
CVE-2026-25212CRITICAL19 jun 2026
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileg
48RISCO
abrir
GitHub PoC
Exploitability PoC for CVE-2026-43515 (Apache Tomcat constraint bypass).
CVE-2026-43515CRITICAL19 jun 2026
Apache Tomcat: Security constraints not correctly applied
48RISCO
abrir
GitHub PoC
xxconi/CVE-2026-4782
CVE-2026-4782MEDIUM19 jun 2026
Avada Builder <= 3.15.2 - Authenticated (Subscriber+) Arbitrary File Read via 'custom_svg' Shortcode Parameter
33RISCO
abrir
GitHub PoC2
CVE-2026-42530
CVE-2026-42530CRITICAL19 jun 2026
NGINX Open-Source ngx_http_v3_module vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-11551: Branda Plugin - Unauthenticated Privilege Escalation via Account Takeover
CVE-2026-11551CRITICAL19 jun 2026
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISCO
abrir
GitHub PoC2
ptd200110/CVE-2024-27198-SOC-Lab
CVE-2024-27198CRITICALsob ataqueransomware19 jun 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
GitHub PoC
Повышение привилегий через race condition в polkit
CVE-2021-3560HIGHsob ataque19 jun 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir
GitHub PoC6
PoC exploit for CVE-2023-6019 - Remote Code Execution via unauthenticated Ray Dashboard Jobs API.
CVE-2023-6019CRITICAL19 jun 2026
Ray Command Injection in cpu_profile Parameter
85RISCO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALsob ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHsob ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
GitHub PoC1
CVE-2026-40369
CVE-2026-40369HIGH18 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
Root-Level RCE via OS Command Injection in Ivanti Sentry
CVE-2026-10520CRITICAL18 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHsob ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
anteriorpágina 14 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.