Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC1
Detection scanner for CVE-2026-48710 - Host-header auth bypass in Starlette/FastAPI
CVE-2026-48710MEDIUM28 mai 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
GitHub PoC
POC for CVE-2026-49009, an authenticated path traversal to RCE issue in Mender Server.
CVE-2026-49009LOW28 mai 2026
Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4.1.1 and v4.0.2 allows Directory Traversal.
28RISCO
abrir
GitHub PoC
quantumworld-dpdns-io/CVE-2026-42945
CVE-2026-42945CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
A Marp slide deck about CVE-2025-53770
CVE-2025-53770CRITICALsob ataqueransomware28 mai 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2023-26083-Mali-InfoLeak-PoC
CVE-2023-26083LOWsob ataque28 mai 2026
Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost
58RISCO
abrir
GitHub PoC
CVE-2026-35616 - Draft
CVE-2026-35616CRITICALsob ataque28 mai 2026
A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-31431HIGHsob ataque28 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
Intentionally-vulnerable nginx 1.30.0 CVE lab images (CVE-2026-40701/42934/42945/42946) for isolated security research. Lab use only.
CVE-2026-40701MEDIUM28 mai 2026
NGINX ngx_http_ssl_module vulnerability
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL28 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC6
Proof-of-concept scripts for three vulnerabilities in Notepad++ <= 8.9.6, patched in v8.9.6.1 (2026-05-26) CVE-2026-48770 / CVE-2026-48778 / CVE-2026-48800
CVE-2026-48770MEDIUM28 mai 2026
Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash
33RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-47100-Analysis-Lab
CVE-2026-47100HIGH28 mai 2026
Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
41RISCO
abrir
GitHub PoC10
Public advisory for CVE-2025-65640: Stored XSS vulnerability in Globe Document Intelligence.
CVE-2025-65640MEDIUM28 mai 2026
Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.
33RISCO
abrir
GitHub PoC1
funixone/EXPLOIT-CVE-2026-8832
CVE-2026-8832HIGH28 mai 2026
WPCode <= 2.3.5 - Authenticated (Author+) Remote Code Execution via CPT Capability Bypass via XML-RPC wp.newPost
41RISCO
abrir
Exploit-DB
scramble - Remote Code Execution
CVE-2026-44262CRITICALwebappsphp27 mai 2026
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RISCO
abrir
Exploit-DB
EspoCRM 9.3.3 - SSRF
CVE-2026-33534MEDIUM27 mai 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir
GitHub PoC
CVE-2026-45659
CVE-2026-45659HIGHsob ataque27 mai 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 mai 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RISCO
abrir
GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
CVE-2026-49344HIGH27 mai 2026
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RISCO
abrir
GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
CVE-2026-9082CRITICALsob ataque27 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
thinhap/CVE-2026-9082-PoC
CVE-2026-9082CRITICALsob ataque27 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2026-45659 Microsoft SharePoint Server Deserialization RCE.
CVE-2026-45659HIGHsob ataque27 mai 2026
Microsoft SharePoint Remote Code Execution Vulnerability
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2017-1161027 mai 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43284HIGHlocallinux27 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893MEDIUM27 mai 2026
CVE-2026-4893
33RISCO
abrir
GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172HIGH27 mai 2026
CVE-2026-5172
41RISCO
abrir
GitHub PoC
SSRF Discovered in Mercator
CVE-2026-49345MEDIUM27 mai 2026
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux27 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
GitHub PoC
mein-0/cve-2026-0828
CVE-2026-0828HIGH27 mai 2026
Kernel driver vulnerability in Safetica Endpoint Client
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL27 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
CVE-2026-48710MEDIUM27 mai 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
anteriorpágina 42 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.