Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC3
CVE-2026-33825
CVE-2026-33825HIGHsob ataqueransomware18 mai 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
CVE-2026-33824CRITICAL18 mai 2026
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RISCO
abrir
GitHub PoC6
Research artifacts, PoC scripts, and lab assets for the Copy Fail Linux local privilege escalation writeup on https://4xura.com/binex/kernel/copy-fail
CVE-2026-31431HIGHsob ataque18 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Detection and mitigation tooling for CVE-2026-31431 (Copy Fail) on Linux kernels. Includes Phalanx-CCS and Silent4Labs scripts plus an Ansible playbook to apply temporary mitigation (block algif_aead module or boot parameter) across servers.
CVE-2026-31431HIGHsob ataque18 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
CVE-2026-31431HIGHsob ataque18 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC3
暂无
CVE-2026-39636MEDIUM18 mai 2026
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RISCO
abrir
GitHub PoC
a.k.a. React2Shell
CVE-2025-55182CRITICALsob ataqueransomware18 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
CVE-2026-0265HIGH17 mai 2026
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RISCO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC3
CVE-2026-31431 (Copy Fail) — Análisis y desarrollo en Ensamblador x86-64 | Analysis and development in x86-64 Assembly
CVE-2026-31431HIGHsob ataque17 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
MuharremK0/Info-Sys-Security-CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware17 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Linux kernel root exploit
CVE-2026-46300HIGH17 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC3
🛡️ Script to test for NGINX CVE-2026-42945
CVE-2026-42945CRITICAL17 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC35
CVE-2026-46333
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
CVE-2023-2825CRITICAL17 mai 2026
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISCO
abrir
GitHub PoC1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
CVE-2026-42945CRITICAL17 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
CVE-2026-8181CRITICAL17 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
Authenticated RCE PoC for Flowise version <= 3.0.5 via CustomMCP Node (CVE-2025-59528)
CVE-2025-59528CRITICAL17 mai 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC
DFIR investigation + 7 Suricata rules on a simulated NexaCorp intrusion (vsftpd 2.3.4 CVE-2011-2523 + MITRE Caldera C2). 4-day solo engagement (BeCode Brussels Mission 01). 54-page report, 10 findings, 7/7 rules validated by PCAP replay.
CVE-2011-252317 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
CVE-2026-8181CRITICAL17 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC1
usmansec/-CVE-2021-4034
CVE-2021-4034HIGHsob ataque17 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
CVE-2026-46333HIGH16 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC
Estudio del bug CVE-2026-31431
CVE-2026-31431HIGHsob ataque16 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
CVE-2026-41940CRITICALsob ataqueransomware16 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 mai 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISCO
abrir
GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
Technical PoC for CVE-2025-59528 (Flowise < 3.0.5), demonstrating authenticated RCE through customMCP mcpServerConfig injection, with clear bilingual documentation and reproducible steps for authorized security testing.
CVE-2025-59528CRITICAL16 mai 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
CVE-2026-46529HIGH16 mai 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISCO
abrir
anteriorpágina 39 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.