Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
71.062 exploits
GitHub PoC
TryHackMe SOC Level 1 — Follina CVE-2022-30190, Nim C2, Chisel, PrintSpoofer, backdoor accounts
CVE-2022-30190HIGHsob ataqueransomware15 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
webapp vulnerable to CVE-2021-44228
CVE-2021-44228CRITICALsob ataqueransomware15 jun 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC1
CVE-2024-3094 XZ Utils backdoor research - attack surface visualiser, system vulnerability checker, and general Linux CVE assessment tool
CVE-2024-3094CRITICAL14 jun 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
kaleth4/CVE-2022-30190
CVE-2022-30190HIGHsob ataqueransomware14 jun 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Apache HTTP Server 2.4.49 Path Traversal Vulnerability Reproduction
CVE-2021-41773HIGHsob ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC1
CVE-2017-0144
CVE-2017-0144HIGHsob ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
CVE-2026-5513: Bookly <= 27.2 Stored XSS via Cookie (Unauthenticated)
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISCO
abrir
GitHub PoC
CVE-2026-5513 — Bookly ≤ 27.2 Stored XSS via Cookie
CVE-2026-5513HIGH14 jun 2026
Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2025-14847HIGHsob ataque14 jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC4
CVE-2026-20245
CVE-2026-20245HIGHsob ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
76RISCO
abrir
GitHub PoC1
Defensive research notes for CVE-2026-5950, a BIND 9 resolver DoS vulnerability credited to Billy Baraja (BielraX).
CVE-2026-5950MEDIUM14 jun 2026
Unbounded resend loop in BIND 9 resolver
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-0144HIGHsob ataqueransomware14 jun 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
GitHub PoC
CVE-2026-20253 - Splunk Enterprise
CVE-2026-20253CRITICALsob ataque14 jun 2026
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir
GitHub PoC
Python RCE PoC with reverse-shell listener for CVE-2026-42945 (NGINX Rift)
CVE-2026-42945CRITICAL14 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
webshellseo8/CVE-2026-53787-POC-
CVE-2026-53787CRITICAL14 jun 2026
Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload
63RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
VulnCheck XDB
info-leak
CVE-2021-41773HIGHsob ataqueransomware14 jun 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
CVE-2026-20127
CVE-2026-20127CRITICALsob ataque14 jun 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
rohit-sundar/cve-2026-23744
CVE-2026-23744CRITICAL14 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2025-14847 mongobleed python file
CVE-2025-14847HIGHsob ataque14 jun 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC
CVE-2018-9276 — PRTG Network Monitor < 18.2.39 Authenticated RCE. For educational purposes and authorized penetration testing only.
CVE-2018-9276HIGHsob ataque13 jun 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC
J1nKsC/CVE-2024-4367_test
CVE-2024-4367MEDIUM13 jun 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC1
CVE-2021-21425 - GravCMS 1.10.7 Unauthenticated RCE via Scheduler. Improved exploit with CLI args and auto base64 encoding.
CVE-2021-21425CRITICAL13 jun 2026
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
85RISCO
abrir
GitHub PoC1
HTTP/2 Bomb: HPACK indexed-reference amplification + flow-control stall. A high school student's full protocol analysis (LaTeX). CVE-2026-49975, CVE-2026-47774.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
GitHub PoC
Technical writeup and Proof of Concept (PoC) for CVE-2026-11417: OS Command Injection / Remote Code Execution (RCE) in AWS CDK's NodejsFunction.
CVE-2026-11417HIGH13 jun 2026
OS Command Injection in NodejsFunction Bundling in aws-cdk-lib
41RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque13 jun 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware13 jun 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
HTTP/2 Bomb (CVE-2026-49975) non-destructive vulnerability detector for Nginx / Apache httpd. Zero-dependency Python.
CVE-2026-49975HIGH13 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-48907CRITICALsob ataque13 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
anteriorpágina 24 / 2.369próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.