Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.062 exploits
GitHub PoC★ 2
Safely detect whether a SolarWinds Serv-U host is vulnerable to CVE-2026-28318
SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability
76RISCO
abrir ↗GitHub PoC
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-46645-Analysis-Lab
SQLAdmin: Authorization Bypass on `ajax_lookup`
33RISCO
abrir ↗GitHub PoC★ 4
CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-25089
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
53RISCO
abrir ↗GitHub PoC
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
Advanced Custom Fields: Extended <= 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to '_acf_post_id' Parameter
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-48907
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC★ 1
FOSSBilling CVE-2026-53647 & CVE-2026-53646 PoC — Unauthenticated API key disclosure & password reset token reuse
FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint
33RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability
53RISCO
abrir ↗GitHub PoC★ 13
watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
100RISCO
abrir ↗GitHub PoC
CVE-2026-0273 - Draft
PAN-OS: Authenticated Admin Command Injection Vulnerability via CLI or Web UI
33RISCO
abrir ↗VulnCheck XDB
initial-access
WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability
68RISCO
abrir ↗GitHub PoC
From deobfuscating code.js to root, CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir ↗GitHub PoC
CVE-2026-5027 - Draft
Langflow - Path Traversal Arbitrary File Write via upload_user_file
68RISCO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗VulnCheck XDB
initial-access
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir ↗GitHub PoC
anirudhmakkar/cve-2026-7665
Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler
33RISCO
abrir ↗GitHub PoC
This repository contains a lab validation report and detection artefacts for DirtyFrag CVE-2026-43284, a Linux local privilege escalation issue related to the XFRM/ESP page-cache write path. The focus is on auditd telemetry, event correlation, and SOC-oriented detection logic.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
CVE-2026-50507 - Draft
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
CVE-2026-10795 The UpdraftPlus POC
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir ↗VulnCheck XDB
initial-access
UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc
41RISCO
abrir ↗GitHub PoC★ 39
A demonstration of read write using cve-2025-43529 on iOS 26.1
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISCO
abrir ↗GitHub PoC
leehunkoo/cve-2013-4660_PoC
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
43RISCO
abrir ↗GitHub PoC
Escáner pasivo de seguridad para CVE-2025-55182 que identifica indicadores públicos asociados a Next.js y React Server Components. Realiza validaciones seguras, analiza cabeceras y rutas, y proporciona una evaluación de exposición basada en evidencias sin explotación.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
PoC didático em Python 3 para a CVE-2019-9053, uma SQL Injection time-based blind no CMS Made Simple <= 2.2.9. Esta versão foi adaptada para uso em CTF/laboratório, com prefixos pré-configurados para reduzir o tempo de extração e mensagens explicativas em português.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.