Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHsob ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
GitHub PoC
CVE-2025-55182 exploit script
CVE-2025-55182CRITICALsob ataqueransomware13 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC1
CVE-2026-45447
CVE-2026-45447HIGH13 jun 2026
Heap Use-After-Free in the PKCS7_verify() Function
41RISCO
abrir
GitHub PoC
AISec Plus Week 1 threat write-up — EchoLeak (CVE-2025-32711), zero-click indirect prompt injection in Microsoft 365 Copilot.
CVE-2025-32711CRITICAL13 jun 2026
M365 Copilot Information Disclosure Vulnerability
48RISCO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
CyruxSec/CVE-2026-4524
CVE-2026-4524MEDIUM13 jun 2026
Authentication Bypass Using an Alternate Path or Channel in GitLab
33RISCO
abrir
GitHub PoC
ExifTool RCE exploit (CVE-2021-22204) - improved version, no exiftool dependency
CVE-2021-22204MEDIUMsob ataque13 jun 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
GitHub PoC1
HTTP/2 Bomb: HPACK indexed-reference amplification + flow-control stall. A high school student's full protocol analysis (LaTeX). CVE-2026-49975, CVE-2026-47774.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHsob ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC1
(phpBB authentication bypass)
CVE-2026-48611CRITICAL13 jun 2026
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or
63RISCO
abrir
GitHub PoC1
Hunt-Benito/glinet-beryl-ax-triple-rce-cve-2026-11450-11451-11452-unauthenticated-root-on-travel-router
CVE-2026-11450MEDIUM13 jun 2026
GL.iNet GL-MT3000 Path Normalization dlopen command injection
33RISCO
abrir
GitHub PoC
JupyterHub XSRF bypass via cross-origin form POST (Sec-Fetch-Mode: no-cors) — CWE-352
CVE-2026-40864MEDIUM13 jun 2026
JupyterHub: Cross-origin form POSTs bypass XSRF
33RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-42647-Lab
CVE-2026-42647CRITICAL13 jun 2026
WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability
63RISCO
abrir
GitHub PoC1
CVE-2026-6279
CVE-2026-6279CRITICAL13 jun 2026
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RISCO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-6279
CVE-2026-6279CRITICAL13 jun 2026
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RISCO
abrir
GitHub PoC
Some labs looking at the xz backdoor vulnerability (CVE-2024-3094)
CVE-2024-3094CRITICAL13 jun 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC1
CVE-2021-21425 - GravCMS 1.10.7 Unauthenticated RCE via Scheduler. Improved exploit with CLI args and auto base64 encoding.
CVE-2021-21425CRITICAL13 jun 2026
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISCO
abrir
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RISCO
abrir
GitHub PoC3
CVE-2026-20253
CVE-2026-20253CRITICALsob ataque13 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC
Remote Code Execution in DbGate via functionName injection in the loadReader endpoint — CVSS 8.8
CVE-2026-48017HIGH13 jun 2026
DbGate: Remote Code Execution via functionName injection in loadReader endpoint
41RISCO
abrir
GitHub PoC
A lightweight stdio-based MCP server for local file system operations — read, write, edit, search, exec for AI assistants. Specially optimized for Chatbox: bat-bypass for exec (CVE-2026-6130), b64 encoding to eliminate escaping issues, and multi-pattern regex for precise code block targeting.
CVE-2026-6130MEDIUM13 jun 2026
chatboxai chatbox Model Context Protocol Server Management System ipc-stdio-transport.ts StdioClientTransport os command injection
33RISCO
abrir
GitHub PoC
SQL Injection in Dagster database I/O managers via dynamic partition keys (DuckDB/Snowflake/BigQuery/DeltaLake) — High
CVE-2026-41490HIGH13 jun 2026
Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
41RISCO
abrir
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC1
razureink/cve-2026-49975-http2bomb_reproduction
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
webshellseo8/CVE-2026-1555-POC
CVE-2026-1555CRITICAL13 jun 2026
WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
48RISCO
abrir
GitHub PoC
87achrafg-stack/CVE-2026-48907
CVE-2026-48907CRITICALsob ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC9
An offensive security researcher + an AI vs. a fresh n-day: building the first public PoC for CVE-2026-53435 in one Friday night. Raw 8h20m log inside.
CVE-2026-53435HIGH12 jun 2026
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrar
46RISCO
abrir
GitHub PoC1
CVE-2026-35273
CVE-2026-35273CRITICALsob ataqueransomware12 jun 2026
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir
anteriorpágina 18 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.