Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC18
CVE-2026-27771 - Gitea/Forgejo Container Registry Auth Bypass Exploit PoC - Pull private container images without authentication
CVE-2026-27771HIGH27 mai 2026
Gitea Composer package source links use insufficient permission checks
68RISCO
abrir
Exploit-DB
scramble - Remote Code Execution
CVE-2026-44262CRITICALwebappsphp27 mai 2026
Scramble: Remote code execution via evaluation of user-controlled input in validation rules
63RISCO
abrir
GitHub PoC
hadhub/CVE-2026-49344-Mercator-JSON-DSL
CVE-2026-49344HIGH27 mai 2026
Mercator has a Personal Identifiable Information Leak from Query Executor feature
41RISCO
abrir
GitHub PoC
Generate the poc for CVE-2026-4893: broken EDNS Client Subnet validation.
CVE-2026-4893MEDIUM27 mai 2026
CVE-2026-4893
33RISCO
abrir
GitHub PoC
Description
CVE-2022-22965CRITICALsob ataque27 mai 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
GitHub PoC
CVE-2026-5172: buffer overflow in extract_addresses() on crafted resource record PoC
CVE-2026-5172HIGH27 mai 2026
CVE-2026-5172
41RISCO
abrir
Exploit-DB
EspoCRM 9.3.3 - SSRF
CVE-2026-33534MEDIUM27 mai 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir
GitHub PoC
Spring4Shell (CVE-2022-22965) 漏洞環境搭建與 CTF 題目
CVE-2022-22965CRITICALsob ataque27 mai 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
GitHub PoC
SSRF Discovered in Mercator
CVE-2026-49345MEDIUM27 mai 2026
Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)
33RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-26980CRITICAL27 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
Exploit-DB
MeiG Smart FORGE_SLT711 - OS Command Injection
CVE-2026-36356CRITICALhardwarelinux27 mai 2026
The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthentica
53RISCO
abrir
Exploit-DB
Linux Kernel - Local Privilege Escalation
CVE-2026-43500HIGHlocallinux27 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
GitHub PoC1
Starlette Host-Header URL Confusion Lab (X41-2026-002) - CVE-2026-48710
CVE-2026-48710MEDIUM27 mai 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
GitHub PoC
Passive checker for CVE-2026-9082 / SA-CORE-2026-004 (Drupal core SQL injection, PostgreSQL)
CVE-2026-9082CRITICALsob ataque27 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
lwd3c/CVE-2026-47342
CVE-2026-47342HIGH27 mai 2026
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
21RISCO
abrir
GitHub PoC
thinhap/CVE-2026-9082-PoC
CVE-2026-9082CRITICALsob ataque27 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2021-3560 — Polkit privilege escalation exploit via accounts-daemon D-Bus race condition
CVE-2021-3560HIGHsob ataque27 mai 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir
GitHub PoC
Lab 3: Supervisord XML-RPC Remote Code Execution (CVE-2017-11610) - Writeup and Exploit
CVE-2017-1161027 mai 2026
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows rem
60RISCO
abrir
GitHub PoC
this is a study about CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
CVE-2021-3156HIGHsob ataque27 mai 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC
0x00phantom-hat/Hoverfly-1.11.3-RCE-CVE-2025-54123-Exploit
CVE-2025-54123CRITICAL27 mai 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC
This exploit is based on CVE-2019-6340 and was built upon the original exploit by leonjza and the Metasploit module, extending it can be executed multiple times against the same target without waiting for cache expiration.
CVE-2019-6340HIGHsob ataque27 mai 2026
Drupal core - Highly critical - Remote Code Execution
100RISCO
abrir
GitHub PoC3
Ghost Content API SQL Injection
CVE-2026-26980CRITICAL27 mai 2026
Ghost has a SQL Injection in its Content API
75RISCO
abrir
GitHub PoC
SOC336 - Windows OLE Zero-Click RCE Exploitation Detected (CVE-2025-21298) Walkthrough
CVE-2025-21298CRITICAL27 mai 2026
Windows OLE Remote Code Execution Vulnerability
70RISCO
abrir
Exploit-DB
cPanel - CRLF Injection
CVE-2026-41940CRITICALsob ataqueransomwarewebappsphp26 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
CVE-2021-43798 MiNi Exploitation Framework
CVE-2021-43798HIGHsob ataque26 mai 2026
Grafana path traversal
100RISCO
abrir
Exploit-DB
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
CVE-2026-7567CRITICALwebappsmultiple26 mai 2026
Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover
48RISCO
abrir
GitHub PoC1
Cisco Catalyst SD-WAN Peering Authentication Bypass
CVE-2026-20182CRITICALsob ataque26 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
CVE-2026-5718HIGH26 mai 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH26 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware26 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
anteriorpágina 43 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.