Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
xxconi/CVE-2026-6271
CVE-2026-6271CRITICAL26 mai 2026
Career Section <= 1.7 - Unauthenticated Arbitrary File Upload
48RISCO
abrir
GitHub PoC1
Cisco Catalyst SD-WAN Peering Authentication Bypass
CVE-2026-20182CRITICALsob ataque26 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
CVE-2026-5718HIGH26 mai 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
GitHub PoC
Dungsocool/CVE-2017-5638
CVE-2017-5638CRITICALsob ataqueransomware26 mai 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC
xl337x/CVE-2023-31902
CVE-2023-31902CRITICAL26 mai 2026
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISCO
abrir
GitHub PoC
CVE-2021-43798 MiNi Exploitation Framework
CVE-2021-43798HIGHsob ataque26 mai 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC1
Proof-of-concept for CVE-2026-43284 — 4-byte XFRM/ESP page-cache write primitive to patch a setuid binary (x86_64, user namespaces). Includes kernel preflight + SUID scan.
CVE-2026-43284HIGH26 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Educational lab demonstrating CVE-2025-55182: Critical RCE in React Server Components via prototype pollution in the Flight protocol
CVE-2025-55182CRITICALsob ataqueransomware26 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2026-5229: Form Notify Auth Bypass via LINE OAuth Callback (CVSS 9.8)
CVE-2026-5229CRITICAL26 mai 2026
Receive Notifications After Form Submitting – Form Notify for Any Forms <= 1.1.10 - Unauthenticated Authentication Bypass via LINE OAuth Callback
48RISCO
abrir
GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
CVE-2026-6741HIGH26 mai 2026
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RISCO
abrir
GitHub PoC
CVE-2026-48095
CVE-2026-48095HIGH26 mai 2026
GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation
41RISCO
abrir
GitHub PoC
xxconi/CVE-2026-46275
CVE-2026-46275HIGH26 mai 2026
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
41RISCO
abrir
GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC1
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
CVE-2026-33712CRITICAL25 mai 2026
TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls
48RISCO
abrir
GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALsob ataqueransomware25 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC6
CVE-2025-55182 Exploit Tool – Python 2.7 exploit for Next.js prototype pollution leading to RCE
CVE-2025-55182CRITICALsob ataqueransomware25 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
CVE-2026-38427HIGH25 mai 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RISCO
abrir
GitHub PoC
This is POC repo for CVE-2026-48208
CVE-2026-48208MEDIUM25 mai 2026
Denial-of-Service via SVG Rendering in Ticket
33RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-42880
CVE-2026-42880CRITICAL25 mai 2026
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir
GitHub PoC
This is POC repo for CVE-2026-48188
CVE-2026-48188CRITICAL25 mai 2026
SQL Injection via MySQL Quote Method
48RISCO
abrir
GitHub PoC29
CVE-2026-0091, play with an issue in android window management to perform arbitrary code execution in Launcher process from adb
CVE-2026-0091HIGH25 mai 2026
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell u
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47101HIGH25 mai 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
GitHub PoC
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
CVE-2026-38426HIGH25 mai 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir
GitHub PoC
notthemystery/CVE-2026-20700-POC-that-ll-never-work
CVE-2026-20700HIGHsob ataque25 mai 2026
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47102HIGH25 mai 2026
LiteLLM < 1.83.10 Privilege Escalation via User Update
41RISCO
abrir
GitHub PoC
XWiki Platform - CVE-2026-33137 PoC - Unauthenticated XAR Import via REST /wikis/{wikiName}
CVE-2026-33137CRITICAL25 mai 2026
XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
48RISCO
abrir
GitHub PoC5
CVE-2026-42945 NGINX 堆溢出漏洞扫描与验证工具
CVE-2026-42945CRITICAL25 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC2
CVE-2026-36239 | Authenticated RCE in PbootCMS ≤3.2.12
CVE-2026-36239MEDIUM25 mai 2026
PbootCMS v.3.2.11 contains a code injection vulnerability in its site configuration functionality
33RISCO
abrir
GitHub PoC
Multi-language PoC (Python · Go · JS · C) and technical documentation for CVE-2025-63353, a critical predictable-default-PSK vulnerability in FiberHome HG6145F1 GPON ONT devices.
CVE-2025-63353CRITICAL25 mai 2026
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RISCO
abrir
anteriorpágina 32 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.