Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
13.086 exploits
GitHub PoC8
p3Nt3st3r-sTAr/CVE-2026-8732-POC
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC
CVE analysis of CVE-2025-40536, SolarWinds Web Help Desk security control bypass (CVSS 8.1). Covers vulnerability mechanics, attack chain with companion RCE CVEs, Storm-2603 threat actor attribution, MITRE ATT&CK mapping, and detection/remediation guidance for DoD and government environments.
CVE-2025-40536HIGHsob ataque01 jun 2026
SolarWinds Web Help Desk Security Control Bypass Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2026-8732 - Draft (WordPress)
CVE-2026-8732CRITICAL01 jun 2026
WP Maps Pro <= 6.1.0 - Unauthenticated Privilege Escalation via Administrator Account Creation to wpgmp_temp_access_ajax AJAX Action
48RISCO
abrir
GitHub PoC
Strapi CVE-2026-27886. Leaking sensitive data via relational filtering due to lack of query sanitization
CVE-2026-27886CRITICAL01 jun 2026
Strapi may leak sensitive data via relational filtering due to lack of query sanitization
48RISCO
abrir
GitHub PoC
PAN-OS: GlobalProtect Authentication Bypass
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
CVE-2026-24061 — GNU InetUtils Telnetd Authentication Bypass Scanner
CVE-2026-24061CRITICALsob ataque01 jun 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
GitHub PoC
lucastran05/CVE-2026-29000
CVE-2026-29000CRITICAL01 jun 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir
GitHub PoC
afifudinmtop/MCPJam-Inspector-1.4.2-Remote-Code-Execution-CVE-2026-23744
CVE-2026-23744CRITICAL01 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
Exploits the CVE-2026-0257 vulnerability by forging a GlobalProtect authentication override cookie using the TLS server's public key.
CVE-2026-0257HIGHsob ataque01 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC
Automated defect verification tool for 6 dnsmasq CVEs (CVE-2026-2291, 4890, 4891, 4892, 4893, 5172)
CVE-2026-2291HIGH01 jun 2026
CVE-2026-2291
41RISCO
abrir
GitHub PoC
tematemaru/CVE-2026-31431-simple-test
CVE-2026-31431HIGHsob ataque01 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
CVE-2026-23744 RCE + Privilege Escalation
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
CVE-2025-55182CRITICALsob ataqueransomware31 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
b1nhack/CVE-2024-1086
CVE-2024-1086HIGHsob ataqueransomware31 mai 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir
GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
CVE-2024-38475CRITICALsob ataque31 mai 2026
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISCO
abrir
GitHub PoC
Dungsocool/CVE-2014-3120
CVE-2014-3120HIGHsob ataque31 mai 2026
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISCO
abrir
GitHub PoC
Jeanback1/CVE-2019-9053-exploit
CVE-2019-905331 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
CVE-2023-6553CRITICAL31 mai 2026
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir
GitHub PoC
Jeanback1/CVE-2019-0211-exploit
CVE-2019-0211HIGHsob ataque31 mai 2026
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISCO
abrir
GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2026-23744 PoC
CVE-2026-23744CRITICAL31 mai 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48800-PoC
CVE-2026-48800HIGH31 mai 2026
Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
41RISCO
abrir
GitHub PoC1
CVE-2026-45585
CVE-2026-45585MEDIUM31 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
CVE-2026-8836CRITICAL31 mai 2026
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-46716
CVE-2026-46716CRITICAL30 mai 2026
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
48RISCO
abrir
GitHub PoC
Delt-A/CVE-2024-36401-poc
CVE-2024-36401CRITICALsob ataque30 mai 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
CVE-2023-27350CRITICALsob ataqueransomware30 mai 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir
GitHub PoC
SourceCodester Pharmacy Sales and Inventory System 1.0 - Vulnerable source code for CVE-2026-7392 SQL Injection
CVE-2026-7392MEDIUM30 mai 2026
SourceCodester Pharmacy Sales and Inventory System ajax.php delete_supplier sql injection
33RISCO
abrir
anteriorpágina 27 / 437próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.