Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
This is POC repo for CVE-2026-48188
CVE-2026-48188CRITICAL25 mai 2026
SQL Injection via MySQL Quote Method
48RISCO
abrir
GitHub PoC45
PoC for CVE-2026-28990, an ImageIO bug patched in iOS/macOS 26.5
CVE-2026-28990HIGH25 mai 2026
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15
41RISCO
abrir
GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
CVE-2026-43494HIGH25 mai 2026
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir
GitHub PoC
Tomcat AJP文件读取/包含漏洞
CVE-2020-1938CRITICALsob ataque25 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
CVE-2026-45321CRITICALsob ataqueransomware25 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC
CVE-2026-38422 — Remote Code Execution via Combined Buffer Overflows in Tasmota fetch_jpg() (Tasmota <= 15.3.0.3)
CVE-2026-38422HIGH25 mai 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-42880
CVE-2026-42880CRITICAL25 mai 2026
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir
GitHub PoC
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
CVE-2026-33712CRITICAL25 mai 2026
TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls
48RISCO
abrir
GitHub PoC
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
CVE-2026-38426HIGH25 mai 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47101HIGH25 mai 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
GitHub PoC2
copy_fail:CVE-2026-31431
CVE-2026-31431HIGHsob ataque24 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Tracking the nginx CVE-2026-9256 rewrite-module heap overflow
CVE-2026-9256CRITICAL24 mai 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
CVE-2026-41940CRITICALsob ataqueransomware24 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
CVE-2026-43284HIGH24 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Ambiente Docker para demonstração prática da CVE-2025-54236 (SessionReaper): PHP Object Deserialization levando a RCE em Magento Open Source 2.4.7
CVE-2025-54236CRITICALsob ataque24 mai 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
GitHub PoC3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
CVE-2026-41096CRITICAL24 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC39
windows api bug
CVE-2026-41096CRITICAL24 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC
mein-0/cve-2026-29923
CVE-2026-29923HIGH24 mai 2026
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RISCO
abrir
GitHub PoC1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
CVE-2026-39987CRITICALsob ataque24 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
Leemyunglyul/cve-2021-4034-mock
CVE-2021-4034HIGHsob ataque24 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC4
BitLocker TPM+PIN Hardening Against CVE-2026-45585 (YellowKey)
CVE-2026-45585MEDIUM24 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
CVE-2025-55182CRITICALsob ataqueransomware24 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
w3nch/CVE-2025-55182-in-go
CVE-2025-55182CRITICALsob ataqueransomware24 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC7
Drupal CVE-2026-9082 Blind SQL Injection Checker
CVE-2026-9082CRITICALsob ataque24 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
🎓 PoC Educativo para CVE-2026-23520. Laboratorio de análisis de vulnerabilidades y mitigación controlada. 🧪
CVE-2026-23520CRITICAL24 mai 2026
Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
48RISCO
abrir
GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
CVE-2019-905324 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC1
Local Privilege Escalation in Amazon WorkSpaces via TOCTOU and Arbitrary File Write
CVE-2026-7791HIGH24 mai 2026
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpace
41RISCO
abrir
GitHub PoC
CVE-2026-20182
CVE-2026-20182CRITICALsob ataque24 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2025-47812 Poc for wingdata HTB
CVE-2025-47812CRITICALsob ataque24 mai 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC
felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-
CVE-2021-44228CRITICALsob ataqueransomware23 mai 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
anteriorpágina 33 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.