Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RISCO
abrir ↗GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir ↗GitHub PoC★ 1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
yangh-beep/CVE-2026-31431-C
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 2
Langflow Arbitrary Directory Deletion
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISCO
abrir ↗GitHub PoC
Vulnerability Case Study: CVE-2026-33829 (Windows Snipping Tool NTLM Coercion)
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir ↗GitHub PoC
CVE-2026-45829
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RISCO
abrir ↗GitHub PoC★ 1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir ↗GitHub PoC★ 1
PoC for CVE-2026-9082 (Drupal SA-CORE-2026-004) Drupal Core SQLi
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC★ 20
Drupal Core PostgreSQL SQL Injection PoC - CVE-2026-9082. Ethical PoC for the Drupal vulnerability allowing anonymous SQL injection through the JSON:API module on PostgreSQL-backed sites.
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-9082 | SA-CORE-2026-004
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
CVE-2026-46680 exploit
containerd user ID handling bypass allows runAsNonRoot evasion
41RISCO
abrir ↗GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RISCO
abrir ↗GitHub PoC★ 23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir ↗GitHub PoC
a24ac1/CVE-2026-0740
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗GitHub PoC
Outdated Ghost CMS websites that have fallen become compromised from CVE-2026-26980 can suffer from spam code injection to pages. Use this to mass clear and edit code injection fields.
Ghost has a SQL Injection in its Content API
75RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-42945 - NGINX Rift Toolkit
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir ↗GitHub PoC★ 2
A Go implementation of fragnesia (CVE-2026-46300)
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir ↗GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.