Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
71.062 exploits
GitHub PoC1
A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132
CVE-2025-49132CRITICAL16 jun 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
CVE-2025-30208 exploit script
CVE-2025-30208MEDIUM16 jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
GitHub PoC62
CVE-2026-41940 exploitation proof-of-concept project
CVE-2026-41940CRITICALsob ataqueransomware16 jun 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC4
Manage and recover BitLocker encrypted drives with this tool for Windows 11 recovery key management and educational study of CVE-2026-45585.
CVE-2026-45585MEDIUM16 jun 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
VulnCheck XDB
info-leak
CVE-2024-23897CRITICALsob ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2025-30208MEDIUM16 jun 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
GitHub PoC
Resellnom/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC1
CVE-2026-54420
CVE-2026-54420HIGHsob ataque16 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-9082CRITICALsob ataque16 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC1
Mass Scanner For Drupal Exploit CVE-2026-9082
CVE-2026-9082CRITICALsob ataque16 jun 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
Penetration testing assessment of a vulnerable IIS 6.0 WebDAV server, demonstrating reconnaissance, enumeration, exploitation (CVE-2017-7269), and privilege escalation to SYSTEM, along with risk analysis and remediation strategies.
CVE-2017-7269CRITICALsob ataque16 jun 2026
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-50751CRITICALsob ataqueransomware16 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC
0xdak/CVE-2026-44881_exploit
CVE-2026-44881HIGH16 jun 2026
Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
41RISCO
abrir
GitHub PoC
Self-contained Docker reproduction and analysis of CVE-2024-23897, the Jenkins CLI arbitrary file read via the args4j @-syntax argument expansion.
CVE-2024-23897CRITICALsob ataqueransomware16 jun 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC
CVE-2026-20262 - Draft
CVE-2026-20262MEDIUMsob ataque16 jun 2026
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
63RISCO
abrir
GitHub PoC
ElianGonzi00/CVE-2025-2783
CVE-2025-2783HIGHsob ataque15 jun 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir
GitHub PoC4
HTTP.sys Denial of Service Vulnerability & HTTP.sys Remote Code Execution Vulnerability
CVE-2026-49160HIGH15 jun 2026
HTTP.sys Denial of Service Vulnerability
53RISCO
abrir
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALsob ataqueransomware15 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
VulnCheck XDB
client-side
CVE-2025-2783HIGHsob ataque15 jun 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir
GitHub PoC2
DylanZahedi/CVE-2026-9277
CVE-2026-9277CRITICAL15 jun 2026
shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
48RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-10795-Lab
CVE-2026-10795HIGH15 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir
GitHub PoC
CVE-2026-38812 RuoYi v4.8.2 SQL Injection
CVE-2026-38812CRITICAL15 jun 2026
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generatio
48RISCO
abrir
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHsob ataqueransomware15 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
testing
CVE-2026-0257HIGHsob ataque15 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHsob ataque15 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10795HIGH15 jun 2026
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir
GitHub PoC1
This repository documents CVE-2026-48849, a Stored Cross-Site Scripting (XSS), HTML Injection, and CSS Injection vulnerability discovered in Roundcube Webmai
CVE-2026-48849MEDIUM15 jun 2026
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored valu
33RISCO
abrir
GitHub PoC
ikarolaborda/CVE-2026-40176
CVE-2026-40176HIGH15 jun 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISCO
abrir
GitHub PoC3
PoC exploit for CVE-2026-53519.
CVE-2026-53519CRITICAL15 jun 2026
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
48RISCO
abrir
anteriorpágina 23 / 2.369próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.