Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC
LuizHenz/PoC-CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware29 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Dungsocool/CVE-2017-12635_36
CVE-2017-1263529 mai 2026
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB be
60RISCO
abrir
GitHub PoC
Exploit de Execução Remota de Código (RCE) no XWiki
CVE-2025-24893CRITICALsob ataque29 mai 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing authentication bypass.
CVE-2026-42568MEDIUM29 mai 2026
Yamcs Vulnerable to LDAP Injection in LdapAuthModule
33RISCO
abrir
Exploit-DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
CVE-2026-42471HIGHwebappsphp29 mai 2026
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) cal
41RISCO
abrir
Exploit-DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
CVE-2026-46522HIGHlocalmultiple29 mai 2026
ImageMagick: Infinite Loop in the MIFF decoder can lead to CPU exhaustion
41RISCO
abrir
GitHub PoC
NocoDB Shared-Base Links Could Invite Real Base Members and Survive Share Revocation
CVE-2026-46552MEDIUM29 mai 2026
NocoDB: Shared-base link access can invite arbitrary users as persistent base members
33RISCO
abrir
GitHub PoC
Oracle REST Data Services (ORDS) Unauthenticated RCE (CVE-2026-46840)
CVE-2026-46840CRITICAL29 mai 2026
Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are
48RISCO
abrir
Exploit-DB
ZTE Routers - Unauthenticated Denial of Service
CVE-2026-34473HIGHlocalmultiple29 mai 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0257HIGHsob ataque29 mai 2026
PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities
100RISCO
abrir
Exploit-DB
ZTE ZXHN H188A V6 - Authentication Bypass
CVE-2026-34472HIGH29 mai 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir
Exploit-DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
CVE-2026-34474HIGHlocalmultiple29 mai 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISCO
abrir
Exploit-DB
Microsoft - NTLMv2 Hash Capture
CVE-2026-32202MEDIUMsob ataque29 mai 2026
Windows Shell Spoofing Vulnerability
75RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux29 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
GitHub PoC
CVE-2026-46376 - FreePBX Unauthenticated UCP Access via Hard-Coded Credentials
CVE-2026-46376CRITICAL29 mai 2026
FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface
48RISCO
abrir
GitHub PoC
CVE-2026-40564: SSRF via FlinkSessionJob jarURI in apache/flink-kubernetes-operator. Self-contained reproducer that runs on a local kind cluster with one make command.
CVE-2026-40564MEDIUM29 mai 2026
Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
33RISCO
abrir
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 mai 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-31431HIGHsob ataque28 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 mai 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISCO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 mai 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC6
Gogs RCE via argument injection in git rebase (CWE-88) — Python PoC. CVE-2026-52806
CVE-2026-52806CRITICAL28 mai 2026
Gogs: RCE via git rebase --exec argument injection in pull request merge
48RISCO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 mai 2026
NGINX ngx_http_ssl_module vulnerability
33RISCO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 mai 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWsob ataque28 mai 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISCO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALsob ataque28 mai 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISCO
abrir
GitHub PoC
EXPLOIT CVE-2026-8832
CVE-2026-8832HIGH28 mai 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir
GitHub PoC1
W5M1n9/NGINX-ngx_http_rewrite_module-heap-buffer-overflow-CVE-2026-9256
CVE-2026-9256CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
48RISCO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 mai 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RISCO
abrir
anteriorpágina 41 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.