Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC6
Automated exploitation scanner for Oracle Reports Server (rwservlet) — CVE-2012-3152 / CVE-2012-3153. Detects, fingerprints, reads files via LFI, tests SSRF via webhook, and uploads JSP shells. Targets Oracle Reports < 11g. For authorized use only.
CVE-2012-3152CRITICALsob ataque15 mai 2026
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISCO
abrir
GitHub PoC
permite a un atacante remoto no autenticado leer archivos arbitrarios del sistema afectado mediante una inyección de XML External Entity (XXE)
CVE-2026-20224HIGH15 mai 2026
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
41RISCO
abrir
GitHub PoC
Medaz-Sploit/CVE-2025-9074-Docker-Desktop-API-Escape-PoC
CVE-2025-9074CRITICAL15 mai 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
CVE-2026-42897HIGHsob ataque15 mai 2026
Microsoft Exchange Server Spoofing Vulnerability
71RISCO
abrir
GitHub PoC3
In‑depth technical analysis of CVE‑2026‑41096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.
CVE-2026-41096CRITICAL15 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC1
forxiucn/nginx-cve-2026-42945-poc
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
nhh9905/CVE-2022-37969
CVE-2022-37969HIGHsob ataque15 mai 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC18
Script Python para detecção de instâncias Nginx vulneráveis ao CVE-2026-42945 em IPs, CIDRs e ASNs.
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
VsFTPd 2.3.4 Backdoor Command Execution
CVE-2011-252315 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Tester for CVE-2026-43284
CVE-2026-43284HIGH15 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
xd20111/CVE-2026-43284
CVE-2026-43284HIGH15 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
CVE-2026-44338HIGH15 mai 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir
GitHub PoC
Educational environment for LTAT.04.022 Homework 4.
CVE-2023-44487HIGHsob ataque15 mai 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISCO
abrir
GitHub PoC
tocong282/CVE-2026-44578-PoC
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
CVE-2026-0770CRITICAL15 mai 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir
GitHub PoC2
Working PoC for CVE-2025-32432 - Craft CMS <= 5.6.16 unauthenticated RCE via Yii2 PhpManager gadget + nginx access.log poisoning
CVE-2025-32432CRITICALsob ataque15 mai 2026
Craft CMS Allows Remote Code Execution
100RISCO
abrir
GitHub PoC
Toshiba Qiomem.sys vulnerable driver POC (CVE-2026-56129)
CVE-2026-56129MEDIUM15 mai 2026
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insuf
33RISCO
abrir
GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
CVE-2026-42154HIGH15 mai 2026
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RISCO
abrir
GitHub PoC75
NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handler SSRF
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC6
Nuclei templates for detecting CVE-2026-44578 (Next.js WebSocket Upgrade SSRF) with multi-cloud metadata validation, Next.js fingerprinting, and real-world scanning workflows. Includes references to the original NextSSRF research and exploit tooling.
CVE-2026-44578HIGH15 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
CVE-2026-44338
CVE-2026-44338HIGH15 mai 2026
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
Astianjy/CVE-2026-42203
CVE-2026-42203HIGH15 mai 2026
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
41RISCO
abrir
GitHub PoC
byezero/nginx-cve-2026-42945-check
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Este proyecto tiene como objetivo demostrar de forma práctica el funcionamiento del exploit Dirty COW (CVE-2016-5195), una vulnerabilidad crítica del en el kernel de Linux. Se simula un escenario realista en el que un atacante con acceso local limitado a un sistema sin parchear logra escalar sus privilegios hasta obtener acceso completo como root.
CVE-2016-5195HIGHsob ataque15 mai 2026
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISCO
abrir
GitHub PoC4
jelasin/CVE-2026-42945
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Centralized Wazuh SCA Assessment for CVE-2026-42945 on NGINX Servers
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
CVE-2026-42945: nginx-rift vulnerability analysis and detection script
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC3
Behavioral detection script for CVE-2026-42945 (NGINX Rift) — heap overflow in ngx_http_rewrite_module. No RCE, crash-based detection only.
CVE-2026-42945CRITICAL15 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
anteriorpágina 41 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.