Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.114 exploits
GitHub PoC★ 1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir ↗GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir ↗GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
A Marp slide deck about CVE-2025-53770
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISCO
abrir ↗GitHub PoC
CVE-2026-35616 - Draft
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISCO
abrir ↗GitHub PoC★ 1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
NGINX ngx_http_ssl_module vulnerability
33RISCO
abrir ↗GitHub PoC★ 6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISCO
abrir ↗GitHub PoC★ 10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RISCO
abrir ↗GitHub PoC★ 1
funixone/EXPLOIT-CVE-2026-8832
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir ↗Exploit-DB
scramble - Remote Code Execution
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RISCO
abrir ↗Exploit-DB
EspoCRM 9.3.3 - SSRF
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir ↗GitHub PoC
lwd3c/CVE-2026-47342
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RISCO
abrir ↗GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RISCO
abrir ↗GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
thinhap/CVE-2026-9082-PoC
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir ↗VulnCheck XDB
initial-access
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893
33RISCO
abrir ↗GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172
41RISCO
abrir ↗GitHub PoC
SSRF Discovered in Mercator
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RISCO
abrir ↗Exploit-DB
Linux Kernel - Local Privilege Escalation
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir ↗GitHub PoC★ 1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.