Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC2
Automated Metasploit post-exploitation module for CVE-2026-31431 ("Copy Fail"). Weaponizes a deterministic logic flaw in the Linux kernel AF_ALG subsystem to achieve local privilege escalation (LPE) to root by safely corrupting a setuid binary directly in the shared Page Cache (RAM) without modifying files on disk
CVE-2026-31431HIGHsob ataque16 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Read-only WordPress User Registration CVE-2026-1492 checker for hidden admins, plugin version, uploads PHP, cron, and compromise IOCs.
CVE-2026-1492CRITICAL16 mai 2026
User Registration & Membership <= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration
68RISCO
abrir
GitHub PoC
Zero-dependency CLI scanner for npm/PyPI supply chain compromises. Detects compromised packages in lockfiles and system-level IOCs from attacks like Mini Shai-Hulud (CVE-2026-45321).
CVE-2026-45321CRITICALsob ataqueransomware16 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 mai 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISCO
abrir
GitHub PoC6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
CVE-2026-46333HIGH16 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
CVE-2026-38526CRITICAL16 mai 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
GitHub PoC
fellipefelix06/Zabbix-CVE-2024-42327
CVE-2024-42327CRITICAL16 mai 2026
SQL injection in user.get API
70RISCO
abrir
GitHub PoC
Exploit for the CVE-2026-8181 - Burst Statistics WordPress Plugin Authentication Bypass
CVE-2026-8181CRITICAL16 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
CVE-2026-8181: Burst Statistics Auth Bypass → REST API takeover & admin creation. Python 2.7. Educational use only.
CVE-2026-8181CRITICAL16 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
Maxime288/CVE-2026-31431-Copy-Fail-R-pertoire-de-Pr-vention
CVE-2026-31431HIGHsob ataque16 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
Shell script to detect TanStack npm supply chain attack indicators (CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx)
CVE-2026-45321CRITICALsob ataqueransomware16 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
CVE-2026-44578HIGH16 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC1
CVE-2026-44578
CVE-2026-44578HIGH16 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
This exploit is based on CVE-2023-26360 (https://nvd.nist.gov/vuln/detail/CVE-2023-26360) and was built on top of the Metasploit module and the jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit.
CVE-2023-26360HIGHsob ataque16 mai 2026
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RISCO
abrir
GitHub PoC
Safe Python scanner for Cisco CVE-2025-20333 (Cisco ASA/FTD WebVPN Buffer Overflow)
CVE-2025-20333CRITICALsob ataque16 mai 2026
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secu
90RISCO
abrir
GitHub PoC
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
CVE-2026-4882CRITICAL16 mai 2026
User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload
48RISCO
abrir
GitHub PoC
CVE-2026-45091
CVE-2026-45091CRITICAL16 mai 2026
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
48RISCO
abrir
GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
CVE-2026-41940CRITICALsob ataqueransomware16 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC1
This exploit is based on CVE-2021-33393 and was built upon the original exploit by Mücahit Saratar, extending it to achieve a reverse shell with root privileges.
CVE-2021-3339316 mai 2026
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It
50RISCO
abrir
GitHub PoC
Python toolkit to audit Apache HTTP Server against CVE-2026-23918 (HTTP/2 double-free RCE) and 4 related CVEs. Passive scanner with ALPN verification + read-only local auditor. No exploits.
CVE-2026-23918HIGH16 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC2
Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
CVE-2026-34473HIGH16 mai 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISCO
abrir
GitHub PoC
CVE-2026-39987
CVE-2026-39987CRITICALsob ataque16 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
Estudio del bug CVE-2026-31431
CVE-2026-31431HIGHsob ataque16 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC18
nginx CVE scanner + RCE exploit framework (CVE-2026-42945 + 16 others)
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Safe Python scanner for CVE-2025-20362 (Cisco ASA/FTD WebVPN Authentication Bypass)
CVE-2025-20362MEDIUMsob ataque16 mai 2026
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Softwar
100RISCO
abrir
GitHub PoC2
PoC for CVE-2026-6433: WordPress FlipperCode Custom CSS, JS & PHP (≤2.0.7) — unauthenticated SQLi to RCE. Python 3 stdlib; single target or bulk multi-threaded scanning. Authorized testing & research only.
CVE-2026-6433HIGH16 mai 2026
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RISCO
abrir
GitHub PoC13
Evince/xreader/Atril RCE exploit to CVE-2026-46529
CVE-2026-46529HIGH16 mai 2026
PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen
41RISCO
abrir
GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Apache Axis1.4 远程命令执行漏洞利用工具 - CVE-2019-0227,支持随机化服务名和Webshell文件名
CVE-2019-022716 mai 2026
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2
45RISCO
abrir
GitHub PoC
This repository contains a Proof of Concept (PoC) Python script for CVE-2025-58434, which enables attackers to change passwords of other users without authentication process in flowise version 3.0.5 and lower due to token leakage.
CVE-2025-58434CRITICAL16 mai 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
anteriorpágina 40 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.