Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.062 exploits
GitHub PoC3
Palo Alto Networks PAN-OS contains an authentication bypass caused by flaws in the GlobalProtect portal and gateway, letting attackers establish unauthorized VPN connections, exploit requires network access to the portal or gateway.
CVE-2026-0257HIGHsob ataque03 jun 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
GitHub PoC6
Este repositorio contiene un Proof of Concept (POC) para CVE-2026-49975, también conocida como HTTP/2 Bomb, una vulnerabilidad de denegación de servicio (DoS) remoto que afecta a la mayoría de los servidores web principales en su configuración HTTP/2 predeterminada, incluyendo:
CVE-2026-49975HIGH03 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-23744CRITICAL03 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC
CVE-2026-9256 Nginx heap buffer overflow POC
CVE-2026-9256CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC1
PoC of CVE-2026-49943
CVE-2026-49943MEDIUM03 jun 2026
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matchi
33RISCO
abrir
GitHub PoC1
go CVE-2026-31431 (CopyFail) local privilege escalation exploit
CVE-2026-31431HIGHsob ataque03 jun 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
Add go CVE-2026-43284 / CVE-2026-43500 (dirtyfrag) local privilege escalation exploit
CVE-2026-43284HIGH03 jun 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Detection script for CIFSwitch - CVE-2026-46243
CVE-2026-46243HIGH03 jun 2026
smb: client: reject userspace cifs.spnego descriptions
41RISCO
abrir
GitHub PoC13
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
CVE-2026-41089CRITICAL03 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC3
Bulk scanning + one-click vulnerability exploitation
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
PoC exploit for CVE-2026-23744 — unauthenticated RCE in MCPJam Inspector via unvalidated serverConfig command injection on /api/mcp/connect, enabling reverse shell as process owner without credentials.
CVE-2026-23744CRITICAL03 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
Rocket.Chat OAuth2 NoSQL Injection
CVE-2026-29198CRITICAL03 jun 2026
In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injection vulnerability c
48RISCO
abrir
GitHub PoC
lowilol/CVE-2026-42945-NGINX-Rift-Check-Script
CVE-2026-42945CRITICAL03 jun 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
jenniferreire26/CVE-2026-39987
CVE-2026-39987CRITICALsob ataque02 jun 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."
CVE-2014-6271CRITICALsob ataque02 jun 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir
GitHub PoC
Ez4rd1x1/CVE-2026-8181
CVE-2026-8181CRITICAL02 jun 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8206CRITICAL02 jun 2026
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-21839HIGHsob ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir
GitHub PoC
CVE-2026-31525 - Draft
CVE-2026-31525HIGH02 jun 2026
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RISCO
abrir
GitHub PoC3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
CVE-2023-21839HIGHsob ataque02 jun 2026
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir
GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
CVE-2026-46300HIGH02 jun 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2021-43798HIGHsob ataque02 jun 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
CVE-2026-45332HIGH02 jun 2026
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RISCO
abrir
GitHub PoC6
CVE-2026-41089
CVE-2026-41089CRITICAL02 jun 2026
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
Okymi-X/CVE-2021-43798
CVE-2021-43798HIGHsob ataque02 jun 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
CVE-2011-252302 jun 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
entr0pie/demo-cve-2022-22947
CVE-2022-22947CRITICALsob ataque02 jun 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir
GitHub PoC
CVE-2026-23744 Proof-of-concept.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
GitHub PoC1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
CVE-2026-23744CRITICAL02 jun 2026
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir
anteriorpágina 35 / 2.369próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.