Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC★ 45
PoC for CVE-2026-28990, an ImageIO bug patched in iOS/macOS 26.5
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15
41RISCO
abrir ↗GitHub PoC
Proof-of-concept for CVE-2026-43494 (PinTheft): Linux LPE via RDS zerocopy refcount bug + io_uring fixed buffers → SUID page-cache overwrite. Authorized research only.
net/rds: reset op_nents when zerocopy page pin fails
41RISCO
abrir ↗GitHub PoC
Tomcat AJP文件读取/包含漏洞
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir ↗GitHub PoC
renewablehacking/CVE-2026-45321-Tanstack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC
CVE-2026-38422 — Remote Code Execution via Combined Buffer Overflows in Tasmota fetch_jpg() (Tasmota <= 15.3.0.3)
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir ↗GitHub PoC
HAERIN-L/POC_CVE-2026-42880
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir ↗GitHub PoC
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls
48RISCO
abrir ↗GitHub PoC
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir ↗GitHub PoC★ 2
copy_fail:CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Tracking the nginx CVE-2026-9256 rewrite-module heap overflow
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir ↗GitHub PoC★ 1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Ambiente Docker para demonstração prática da CVE-2025-54236 (SessionReaper): PHP Object Deserialization levando a RCE em Magento Open Source 2.4.7
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir ↗GitHub PoC
mein-0/cve-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗GitHub PoC
Leemyunglyul/cve-2021-4034-mock
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC★ 4
BitLocker TPM+PIN Hardening Against CVE-2026-45585 (YellowKey)
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
w3nch/CVE-2025-55182-in-go
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 7
Drupal CVE-2026-9082 Blind SQL Injection Checker
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
🎓 PoC Educativo para CVE-2026-23520. Laboratorio de análisis de vulnerabilidades y mitigación controlada. 🧪
Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
48RISCO
abrir ↗GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC★ 1
Local Privilege Escalation in Amazon WorkSpaces via TOCTOU and Arbitrary File Write
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpace
41RISCO
abrir ↗GitHub PoC
CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗GitHub PoC
CVE-2025-47812 Poc for wingdata HTB
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC
felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.