Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
Exploit-DB
YAMCS yamcs-core 5.12.7 - No Rate Limiting
CVE-2026-44596MEDIUMwebappsmultiple30 mai 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RISCO
abrir
GitHub PoC7
Notepad++ RCE via config.xml commandLineInterpreter
CVE-2026-48778HIGH30 mai 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RISCO
abrir
GitHub PoC
kavin-jindal/CVE-2026-48778-PoC
CVE-2026-48778HIGH30 mai 2026
Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter
41RISCO
abrir
GitHub PoC
Python POC, Exploit for CVE-2026-29000
CVE-2026-29000CRITICAL30 mai 2026
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir
GitHub PoC7
CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.
CVE-2025-38352HIGHsob ataque30 mai 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-27350CRITICALsob ataqueransomware30 mai 2026
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2024-36401CRITICALsob ataque30 mai 2026
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
100RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46522HIGHlocalmultiple29 mai 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-46300HIGHlocallinux29 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
YAMCS yamcs-core < 5.12.7 lacks rate limiting on POST /auth/token. An unauthenticated attacker can perform unlimited brute-force attempts against any account. Never returns HTTP 429. Fixed in 5.12.7.
CVE-2026-44596MEDIUM29 mai 2026
Yamcs: No Rate Limiting on Authentication Endpoint
30RISCO
abrir
GitHub PoC
# CVE-2026-44595 YAMCS Unauthorized User Enumeration via IAM API
CVE-2026-44595MEDIUM29 mai 2026
Yamcs: Unauthorized user enumeration via IAM API endpoints
30RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHsob ataque29 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux29 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
Exploit-DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
CVE-2026-44403HIGHremotemultiple29 mai 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 mai 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir
GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
CVE-2026-46840CRITICAL29 mai 2026
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RISCO
abrir
GitHub PoC
Professional TryHackMe Simple CTF walkthrough covering enumeration, CMS Made Simple SQL Injection (CVE-2019-9053), credential recovery, SSH access, privilege escalation via Vim, and root compromise.
CVE-2019-905329 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
Exploit-DB
Prodigy Commerce 3.3.0 - Local File Inclusion
CVE-2026-0926CRITICAL29 mai 2026
Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name]
63RISCO
abrir
GitHub PoC
P1 W8 S22 - Metasploit Samba CVE-2007-2447 Exploitation
CVE-2007-244729 mai 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-1263529 mai 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
GitHub PoC
Technical report about CVE-2022-22947 in Spring Cloud Gateway and its exploitation through exposed Actuator endpoints.
CVE-2022-22947CRITICALsob ataque29 mai 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir
GitHub PoC1
Safely detect whether a UniFi Network Application controller is vulnerable to CVE-2026-22557
CVE-2026-22557CRITICAL29 mai 2026
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network App
68RISCO
abrir
Exploit-DB
Langflow 1.3.0 - Remote Code Execution
CVE-2026-0770CRITICAL29 mai 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir
GitHub PoC
Automated CVE-2022-26923 Exploitation (Certifried)
CVE-2022-26923HIGHsob ataque29 mai 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2022-26923HIGHsob ataque29 mai 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-24893CRITICALsob ataque29 mai 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 mai 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISCO
abrir
GitHub PoC2
akashsingh0454/CVE-2026-0257-PoC
CVE-2026-0257HIGHsob ataque29 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 mai 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir
anteriorpágina 40 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.