Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431) (CopyFail fix)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
pixelotes/lab-cve-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISCO
abrir ↗GitHub PoC
copy-fail-CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Analísis - POC - Mitigación
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 2
Scanner for the Mini Shai-Hulud npm/PyPI supply chain worm (NHS CC-4781 · CVE-2026-45321). Detects gh-token-monitor persistence, payload artefacts, and attacker commits. Python, Bash, PowerShell.
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC
bogdanrotariu/cve-2026-29204-whmcs-clientarea-addonid
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using anoth
48RISCO
abrir ↗GitHub PoC★ 1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-33626-Lab
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
68RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization
33RISCO
abrir ↗GitHub PoC★ 254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC
FrosterDL/CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISCO
abrir ↗GitHub PoC★ 3
masjadaan/CVE-2025-29338
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buff
33RISCO
abrir ↗GitHub PoC
Bencodin/CVE-2026-23918-poc
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir ↗GitHub PoC
SessionReaper-CVE-2025-54236
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir ↗GitHub PoC
A tiny explanation + PoC for CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC★ 6
🚀 CVE-2026-41940 cPanel/WHM Auth Bypass Exploit - Best Flow 💥 CRLF injection leads to auth bypass, session hijacking & account leak. ✅ Proxy, custom UA, keep-alive, retries, SSL verify, colored output, file save support. ⚡ Advanced PoC for pentesters.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
Are you get Tanstack Supply chain attack attack of 5/11? CVE-2026-45321 / GHSA-g7cv-rxg3-hmpx
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC★ 29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RISCO
abrir ↗GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Claude Code skill to scan machines for Mini Shai-Hulud (CVE-2026-45321) supply chain worm IOCs
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC★ 1
Detect CVE-2026-45321 Mini Shai-Hulud supply chain compromise — scans for 170 npm + 2 PyPI poisoned packages across TanStack, Mistral AI, UiPath, OpenSearch, Guardrails AI
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC★ 2
Dead.Letter CVE-2026-45185 EXIM Vulnerability Detection Script
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-29000 – pac4j-jwt Authentication Bypass (🔥 CVSS 10.0). One-click admin forge via public key JWE wrapping. Leaks configs, users, secrets. Keep-alive, proxy, custom JWKS.⚙️ Educational PoC Exploit tool.
pac4j-jwt JwtAuthenticator Authentication Bypass
48RISCO
abrir ↗GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir ↗GitHub PoC
🛡️ One-command scanner for CVE-2026-45321 — TanStack npm supply-chain attack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC★ 20
azefzafyoussef/CVE-2026-34621
Acrobat Reader | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
71RISCO
abrir ↗GitHub PoC
lamaper/CVE-2026-52200
An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax
28RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.