Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC
Proof of Concept of CVE-2026-38526 in Krayin CRM <= v2.2.x. Arbitrary File Upload leading to Remote Code Execution
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir ↗VulnCheck XDB
initial-access
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISCO
abrir ↗GitHub PoC
CVE-2026-49777, CVE-2026-10735 - Draft
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir ↗GitHub PoC★ 1
Proof of concept for CVE-2026-56111, an out-of-bounds write in the M421 G-code handler of Marlin Firmware
Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler
41RISCO
abrir ↗GitHub PoC
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 13
Y5neKO/CVE-2026-8461-EXP
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir ↗GitHub PoC★ 60
CVE-2026-45504 Microsoft Exchange File Read
Microsoft Exchange Server Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC
CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗VulnCheck XDB
initial-access
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validati
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-8461 - Draft
Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder
41RISCO
abrir ↗GitHub PoC
CVE-2026-31431 getroot from a Turkish Cryptominer
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter | Unauthenticated Privilege Escalation via Weak Password Reset Validation via 'reset_activation_code' Leading to Account Takeover
Invoice Generator <= 1.0.0 - Unauthenticated Account Takeover via Weak Password Reset Validation via 'reset_user_id' Parameter
48RISCO
abrir ↗GitHub PoC
Apache Tomcat CGI Servlet RCE (Windows) — Educational PoC
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC★ 10
CVE-2026-42978 — Use-After-Free race condition in Windows Push Notifications (WpnService). Patch diff, root cause analysis, TOCTOU lab, Sysmon/ETW detection rules.
Windows Push Notifications Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC
Prueba de concepto de CVE-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC★ 10
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
48RISCO
abrir ↗VulnCheck XDB
local
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interacti
100RISCO
abrir ↗VulnCheck XDB
initial-access
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir ↗GitHub PoC★ 2
This repository contains the Proof of Concept (PoC) exploit script for CVE-2026-45156
Nextcloud: Authentication Bypass in ID4me handling via Missing JWT Signature Verification in User OIDC
41RISCO
abrir ↗VulnCheck XDB
initial-access
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs cla
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-11837: local privilege escalation in the ansible.posix authorized_key module via symlink-following chown. Technical writeup; sibling of CVE-2024-9902.
Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
41RISCO
abrir ↗GitHub PoC
eliHiHo/portfolio-drupal-cve-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
fuchiuebusi-lab/nginx-ui-CVE-2026-42221-CVE-2026-42238-
nginx-ui: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim
41RISCO
abrir ↗GitHub PoC★ 3
Proof of Concept (PoC) for the TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834)
Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
41RISCO
abrir ↗GitHub PoC★ 1
A minimal PoC for CVE-2026-21018, demonstrating how it works
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.