Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.053exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.060Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC★ 1
Reproducer for CVE-2026-40858 — Apache Camel camel-infinispan remote aggregation repository unsafe deserialization (RCE)
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
41RISCO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40860 — Apache Camel camel-jms/sjms/amqp JMS ObjectMessage unsafe deserialization (RCE)
Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
48RISCO
abrir ↗GitHub PoC★ 2
A Proof of Concept (PoC) exploit for CVE-2026-46331
net/sched: fix pedit partial COW leading to page cache corruption
41RISCO
abrir ↗GitHub PoC
CVE-2026-54390 — JTL Shop Smarty SSTI RCE | Pre-Auth Template Injection via fetch('string:' . ) | 5.2.0-5.7.1
JTL Shop < 5.7.2 Server-Side Template Injection via Smarty Renderer
48RISCO
abrir ↗GitHub PoC
PoC for CVE-2026-56423: MISP deleteSelection broken access control (CWE-862, contributor hard-deletes other orgs' Event Reports/Sharing Groups, CVSS 8.8)
MISP Core: Broken access control allows instance-wide unauthorized deletion of event reports and sharing groups via bulk deletion endpoints
48RISCO
abrir ↗GitHub PoC
Dr-D25/CVE-2026-49049
Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
41RISCO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40859 — Apache Camel camel-netty-http / camel-vertx-http producer-side unsafe deserialization of HTTP response bodies (RCE)
Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled
41RISCO
abrir ↗GitHub PoC★ 1
inforcqb/CVE-2026-43499-pja110
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗GitHub PoC
Control Web Panel (CWP) vulnerability scenario related to CVE-2026-57517
Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
48RISCO
abrir ↗GitHub PoC★ 1
0x00phantom-hat/CVE-2026-12400-Exploit
FlowForms <= 1.1.1 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary Form Modification via REST API '/flowforms/v1/forms/{id}' Endpoints
33RISCO
abrir ↗GitHub PoC
PoC for CVE-2026-49230: Apache APISIX jwe-decrypt authentication bypass (missing AES-GCM tag validation, CWE-354, CVSS 9.1)
Apache APISIX: Authentication bypass in jwe-decrypt
33RISCO
abrir ↗GitHub PoC
Laboratory validation of CVE-2026-48908 in Joomla SP Page Builder, covering unauthorized icon upload, PHP file write, code execution as www-data, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 2
tc3650/CVE-2026-43499-armv7
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗GitHub PoC
cazzysoci/cve-2026-48908
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-53571 `server.fs.deny` bypass on Windows alternate paths PoC.
Vite: `server.fs.deny` bypass on Windows alternate paths
41RISCO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40473: Apache Camel camel-mina MinaConverter.toObjectInput unsafe deserialization (RCE over TCP/UDP)
Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
41RISCO
abrir ↗GitHub PoC
CVE-2026-50746... - Draft
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Conne
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-53359漏洞补丁
KVM: x86: Fix shadow paging use-after-free due to unexpected role
23RISCO
abrir ↗GitHub PoC
Public disclosure for CVE-2026-52100 (CSRF) & CVE-2026-52101 (SSRF) in linx-server. MITRE assigned the CVEs; this repo provides a public reference and helps affected users understand the risk.
Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to e
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-50131 / GHSA-xw9q-2mv6-9fr8: Fedify incomplete SSRF mitigation advisory landing page
Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
41RISCO
abrir ↗GitHub PoC
包括能执行的命令探测和一键getshell(需要服务器部署服务)
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
75RISCO
abrir ↗GitHub PoC★ 44
OPPO Find N2 GhostLock (CVE-2026-43499) exploit adaptation
rtmutex: Use waiter::task instead of current in remove_waiter()
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-50181 / GHSA-fg23-3346-88f5: Langroid path traversal advisory landing page
Langroid: Path traversal in the file tools allows read/write outside configured current directory
41RISCO
abrir ↗GitHub PoC★ 1
lieehrdiansyah12/CVE-2026-43503
net: skbuff: propagate shared-frag marker through frag-transfer helpers
41RISCO
abrir ↗GitHub PoC
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
Windows Netlogon Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC★ 154
yellow key bitlocker yellow screen bitlocker bitlocker recovery key CVE-2026-45585 microsoft account secure boot bypass command prompt windows 11 windows 10 surface pro uefi firmware encryption key data recovery troubleshoot boot loop cmd unlock drive setup guide tutorial
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC★ 2
Verificador de Vulnerabilidad: Bad Epoll (CVE-2026-46242)
eventpoll: fix ep_remove struct eventpoll / struct file UAF
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-0257 - Palo Alto PAN-OS GlobalProtect Auth Override Cookie Forgery - PoC & Analysis | CVSS 9.1 CRITICAL CISA KEV | AMN SECURITY
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.