Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
xxconi/CVE-2026-6271
Career Section <= 1.7 - Unauthenticated Arbitrary File Upload
48RISCO
abrir ↗GitHub PoC★ 1
Cisco Catalyst SD-WAN Peering Authentication Bypass
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir ↗GitHub PoC
xl337x/CVE-2023-31902
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISCO
abrir ↗GitHub PoC★ 1
Proof-of-concept for CVE-2026-43284 — 4-byte XFRM/ESP page-cache write primitive to patch a setuid binary (x86_64, user namespaces). Includes kernel preflight + SUID scan.
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Educational lab demonstrating CVE-2025-55182: Critical RCE in React Server Components via prototype pollution in the Flight protocol
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback
48RISCO
abrir ↗GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RISCO
abrir ↗GitHub PoC
CVE-2026-48095
GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation
41RISCO
abrir ↗GitHub PoC
xxconi/CVE-2026-46275
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
41RISCO
abrir ↗GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir ↗GitHub PoC★ 1
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir ↗GitHub PoC
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls
48RISCO
abrir ↗GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC★ 6
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RISCO
abrir ↗GitHub PoC
This is POC repo for CVE-2026-48208
Denial-of-Service via SVG Rendering in Ticket
33RISCO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-42880
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir ↗GitHub PoC★ 29
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir ↗GitHub PoC
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir ↗GitHub PoC
notthemystery/CVE-2026-20700-POC-that-ll-never-work
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM < 1.83.10 Privilege Escalation via User Update
41RISCO
abrir ↗GitHub PoC
XWiki Platform - CVE-2026-33137 PoC - Unauthenticated XAR Import via REST /wikis/{wikiName}
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
48RISCO
abrir ↗GitHub PoC★ 5
CVE-2026-42945 NGINX 堆溢出漏洞扫描与验证工具
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-36239 | Authenticated RCE in PbootCMS ≤3.2.12
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
33RISCO
abrir ↗GitHub PoC
Multi-language PoC (Python · Go · JS · C) and technical documentation for CVE-2025-63353, a critical predictable-default-PSK vulnerability in FiberHome HG6145F1 GPON ONT devices.
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.