Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
CVE-2026-0300CRITICALsob ataque21 mai 2026
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RISCO
abrir
GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
CVE-2024-6387HIGH21 mai 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
yangh-beep/CVE-2026-31431-C
CVE-2026-31431HIGHsob ataque21 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
ercihan/CVE-2026-40369
CVE-2026-40369HIGH21 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC2
Langflow Arbitrary Directory Deletion
CVE-2026-42048CRITICAL21 mai 2026
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISCO
abrir
GitHub PoC
Vulnerability Case Study: CVE-2026-33829 (Windows Snipping Tool NTLM Coercion)
CVE-2026-33829MEDIUM21 mai 2026
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir
GitHub PoC4
PoC for CVE-2024-6678
CVE-2024-6678CRITICAL21 mai 2026
Authentication Bypass by Spoofing in GitLab
48RISCO
abrir
GitHub PoC
CVE-2026-45829
CVE-2026-45829CRITICAL21 mai 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RISCO
abrir
GitHub PoC1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
CVE-2026-4885CRITICAL21 mai 2026
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir
GitHub PoC11
CVE-2026-41091
CVE-2026-41091HIGHsob ataque21 mai 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC1
PoC for CVE-2026-9082 (Drupal SA-CORE-2026-004) Drupal Core SQLi
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC20
Drupal Core PostgreSQL SQL Injection PoC - CVE-2026-9082. Ethical PoC for the Drupal vulnerability allowing anonymous SQL injection through the JSON:API module on PostgreSQL-backed sites.
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC1
CVE-2026-9082
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
cve poc
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC2
CVE-2026-9082 | SA-CORE-2026-004
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2026-46680 exploit
CVE-2026-46680HIGH21 mai 2026
containerd user ID handling bypass allows runAsNonRoot evasion
41RISCO
abrir
GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
CVE-2018-21268CRITICAL21 mai 2026
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RISCO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
a24ac1/CVE-2026-0740
CVE-2026-0740CRITICAL20 mai 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
CVE-2026-26980CRITICAL20 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC
gitgudKrish/cve-2025-29927-nextjs
CVE-2025-29927CRITICAL20 mai 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
CVE-2026-31635HIGH20 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
CVE-2026-41651HIGH20 mai 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-42271HIGHsob ataque20 mai 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
anteriorpágina 36 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.