Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
mandeepsohal/CVE-2025-66391
CVE-2025-66391HIGH17 jun 2026
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
41RISCO
abrir
GitHub PoC
Exploitation and mitigation analysis of CVE-2021-3156 heap-based buffer overflow in sudo
CVE-2021-3156HIGHsob ataque17 jun 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC
CVE-2026-49083 LatePoint Calendar Booking Plugin Privilege Escalation Exploit
CVE-2026-49083HIGH17 jun 2026
WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability
41RISCO
abrir
GitHub PoC
This project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackMe lab, which demonstrates a Linux kernel page-cache corruption vulnerability capable of achieving local priviledge escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
CVE-2026-49105 WP Zendesk PHP Object Injection Exploit
CVE-2026-49105CRITICAL17 jun 2026
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-7459 Simple History Missing Authorization Account Takeover Exploit
CVE-2026-7459HIGH17 jun 2026
Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint
41RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
CVE-2026-9691: Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 Unauthenticated PHP Object Injection PoC, Patch Analysis & Rule
CVE-2026-9691CRITICAL17 jun 2026
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
48RISCO
abrir
GitHub PoC
hulina9900-boop/DIY-CVE-2026-42945-POC
CVE-2026-42945CRITICAL17 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
The project documents the completion and analysis of the Fragnesia (CVE-2026-46300) TryHackME lab, which demonstrates a Linux kernel page -cache corruption vulnerability capable of achieving local privilege escalation through modification of cached file pages without altering files on disk.
CVE-2026-46300HIGH17 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
CVE-2026-45777 PoC
CVE-2026-45777CRITICAL17 jun 2026
Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
28RISCO
abrir
GitHub PoC
CVE-2026-5411 WP Captcha PRO
CVE-2026-5411HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
41RISCO
abrir
GitHub PoC
CVE-2026-5415 WP Captcha PRO Authenticated Authentication Bypass Exploit
CVE-2026-5415HIGH17 jun 2026
WP Captcha PRO <= 5.38 - Authenticated (Subscriber+) Authentication Bypass via Temporary Login Link
41RISCO
abrir
GitHub PoC
CVE-2026-7654 Admin Columns PHP Object Injection RCE Exploit
CVE-2026-7654HIGH17 jun 2026
Admin Columns <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution via Custom Field Meta Value
41RISCO
abrir
GitHub PoC
PoC for CVE-2015-10141 – Xdebug unauthenticated RCE
CVE-2015-10141CRITICAL17 jun 2026
Xdebug Remote Debugger Unauthenticated OS Command Execution
63RISCO
abrir
GitHub PoC
d4ngkh04w/CVE-2020-7961
CVE-2020-7961CRITICALsob ataque17 jun 2026
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary c
100RISCO
abrir
GitHub PoC
CVE‑2024‑20399 - Draft
CVE-2024-20399MEDIUMsob ataque17 jun 2026
Cisco NX-OS Software CLI Command Injection Vulnerability
63RISCO
abrir
GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
CVE-2024-23897CRITICALsob ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC
CVE-2026-50751 Mass Scanner
CVE-2026-50751CRITICALsob ataqueransomware16 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC1
PoC exploit for CVE-2025-55182 (React2Shell) — Pre-auth RCE in React Server Components | CVSS 10.0
CVE-2025-55182CRITICALsob ataqueransomware16 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2025-49844 exploit script
CVE-2025-49844CRITICAL16 jun 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-54686-poc
CVE-2026-54686MEDIUM16 jun 2026
Warp: DCS lifecycle hook spoofing can alter terminal session metadata
33RISCO
abrir
GitHub PoC
CVE-2026-47101, CVE-2026-47102, CVE-2026-40217
CVE-2026-47101HIGH16 jun 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
CVE-2017-7269CRITICALsob ataque16 jun 2026
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMsob ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISCO
abrir
GitHub PoC
0xdak/CVE-2026-44881_exploit
CVE-2026-44881HIGH16 jun 2026
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RISCO
abrir
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC8
This is a Linux Kernel Local Privilege Escalation PoC code for CVE-2026-52943 a use-after-free in skbuff.c, my first 0day found by me in linux kernel
CVE-2026-52943HIGH16 jun 2026
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
41RISCO
abrir
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
anteriorpágina 16 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.