Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.046exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
22.467 exploits
Exploit-DB
Frigate NVR 0.16.3 - Remote Code Execution
CVE-2026-25643CRITICAL30 abr 2026
Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
48RISCO
abrir
Exploit-DB
Windows 11 23H2 - Denial of Service (DoS)
CVE-2025-47987HIGH30 abr 2026
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
41RISCO
abrir
Exploit-DB
Js2Py 0.74 - RCE
CVE-2024-28397MEDIUM30 abr 2026
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir
Exploit-DB
Repetier-Server 1.4.10 - Path Traversal
CVE-2026-26335CRITICAL30 abr 2026
Calero VeraSMART < 2022 R1 Static IIS Machine Keys Enable ViewState RCE
48RISCO
abrir
Exploit-DB
Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
CVE-2026-2441HIGHsob ataque30 abr 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISCO
abrir
Exploit-DB
FUXA 1.2.8 - Authentication Bypass + RCE Exploit
CVE-2025-69985CRITICAL30 abr 2026
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RISCO
abrir
Exploit-DB
SUSE Manager 4.3.15 - Code Execution
CVE-2025-46811CRITICAL30 abr 2026
SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint
53RISCO
abrir
Exploit-DB
Erugo 0.2.14 - Remote Code Execution (RCE)
CVE-2026-24897CRITICAL30 abr 2026
Authenticated Remote Code Execution via Arbitrary File Upload
48RISCO
abrir
Exploit-DB
JUNG Smart Visu Server 1.1.1050 - Dos
CVE-2026-26235HIGH30 abr 2026
JUNG Smart Visu Server 1.1.1050 - 'JUNG Smart Visu Server' Missing Authentication
41RISCO
abrir
Exploit-DB
Python-Multipart 0.0.22 - Path Traversal
CVE-2026-24486HIGH30 abr 2026
Python-Multipart has Arbitrary File Write via Non-Default Configuration
41RISCO
abrir
Exploit-DB
NiceGUI 3.6.1 - Path Traversal
CVE-2026-25732HIGH30 abr 2026
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
41RISCO
abrir
Exploit-DB
Windows 11 25H2 - Heap Overflow
CVE-2026-21248HIGH30 abr 2026
Windows Hyper-V Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Windows 11 25H2 - Heap Overflow
CVE-2026-21244HIGH30 abr 2026
Windows Hyper-V Remote Code Execution Vulnerability
41RISCO
abrir
Exploit-DB
Camaleon CMS v2.9.0 - Path Traversal
CVE-2024-46987HIGH30 abr 2026
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir
Exploit-DB
HUSTOJ Zip-Slip v26.01.24 - RCE
CVE-2026-24479CRITICAL30 abr 2026
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
63RISCO
abrir
Exploit-DB
LangChain Core 1.2.4 - SSTI/RCE
CVE-2025-68664CRITICAL29 abr 2026
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
53RISCO
abrir
Exploit-DB
Craft CMS 5.6.16 - RCE
CVE-2025-32432CRITICALsob ataque29 abr 2026
Craft CMS Allows Remote Code Execution
100RISCO
abrir
Exploit-DB
GeographicLib v2.5.1 - stack buffer overflow
CVE-2025-60751HIGH29 abr 2026
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
41RISCO
abrir
Exploit-DB
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
CVE-2026-24061CRITICALsob ataque29 abr 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
Exploit-DB
phpMyFAQ 4.0.16 - Improper Authorization
CVE-2026-24421MEDIUM29 abr 2026
phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user
33RISCO
abrir
Exploit-DB
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
CVE-2026-22241HIGH29 abr 2026
Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)
41RISCO
abrir
Exploit-DB
Atlona ATOMERX21 - Authenticated Command Injection
CVE-2024-30167MEDIUM29 abr 2026
/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary comm
33RISCO
abrir
Exploit-DB
HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
CVE-2026-22704HIGH29 abr 2026
HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
41RISCO
abrir
Exploit-DB
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
CVE-2025-7771HIGH22 abr 2026
Code Execution / Escalation of Privileges in ThrottleStop
41RISCO
abrir
Exploit-DB
React Server 19.2.0 - Remote Code Execution
CVE-2025-55182CRITICALsob ataqueransomware09 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
Exploit-DB
Horilla v1.3 - RCE
CVE-2025-48868HIGH08 abr 2026
Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
41RISCO
abrir
Exploit-DB
SQLite 3.50.1 - Heap Overflow
CVE-2025-6965HIGH08 abr 2026
Integer Truncation on SQLite
63RISCO
abrir
Exploit-DB
xibocms 3.3.4 - RCE
CVE-2023-33177HIGH08 abr 2026
Xibo CMS vulnerable to Remote Code Execution through Zip Slip
41RISCO
abrir
Exploit-DB
7-Zip 24.00 - Directory Traversal
CVE-2025-11001HIGH08 abr 2026
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
46RISCO
abrir
Exploit-DB
Microsoft MMC MSC EvilTwin - Local Admin Creation
CVE-2025-26633HIGHsob ataqueransomware08 abr 2026
Microsoft Management Console Security Feature Bypass Vulnerability
83RISCO
abrir

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.