Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
Exploit-DB
Grav CMS 2.0.0-beta.2 - Remote Code Execution
CVE-2026-42607CRITICALwebappsphp26 mai 2026
Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
48RISCO
abrir
GitHub PoC1
Cisco Catalyst SD-WAN Peering Authentication Bypass
CVE-2026-20182CRITICALsob ataque26 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC
xxconi/CVE-2026-6271
CVE-2026-6271CRITICAL26 mai 2026
Career Section <= 1.7 - Unauthenticated Arbitrary File Upload
48RISCO
abrir
GitHub PoC
xxconi/CVE-2026-46275
CVE-2026-46275HIGH26 mai 2026
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
41RISCO
abrir
GitHub PoC
CVE-2026-3296 is a CVSS 9.8 Critical unauthenticated PHP Object Injection vulnerability in the Everest Forms WordPress plugin
CVE-2026-3296CRITICAL26 mai 2026
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
48RISCO
abrir
GitHub PoC
CVE-2026-5426
CVE-2026-5426CRITICAL26 mai 2026
KnowledgeDeliver deployments before February 24, 2026 use a static ASP.NET/IIS machineKey value
48RISCO
abrir
GitHub PoC1
Working exploit for ssrf issue reported in CVE-2026–45401
CVE-2026-45401HIGH26 mai 2026
Open WebUI: SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image-Load Endpoints
41RISCO
abrir
GitHub PoC
CVE-2026-6741 is a CVSS 8.8 (High) Authenticated (Agent+) Privilege Escalation vulnerability in the LatePoint – Calendar Booking Plugin
CVE-2026-6741HIGH26 mai 2026
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
41RISCO
abrir
Exploit-DB
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
CVE-2026-23918HIGHwebappsmultiple26 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC
xxconi/CVE-2026-2942
CVE-2026-2942CRITICAL26 mai 2026
ProSolution WP Client <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-20182CRITICALsob ataque26 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
GitHub PoC1
Proof-of-concept for CVE-2026-43284 — 4-byte XFRM/ESP page-cache write primitive to patch a setuid binary (x86_64, user namespaces). Includes kernel preflight + SUID scan.
CVE-2026-43284HIGH26 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware26 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2026-48095
CVE-2026-48095HIGH26 mai 2026
GHSL-2026-140_7-Zip: 7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALsob ataque26 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2026-5364 is a CVSS 8.1 (High) Unauthenticated Arbitrary File Upload vulnerability in the Drag and Drop File Upload for Contact Form 7
CVE-2026-5364HIGH26 mai 2026
Drag and Drop File Upload for Contact Form 7 <= 1.1.3 - Unauthenticated Arbitrary File Upload via sanitize_file_name Bypass
41RISCO
abrir
GitHub PoC10
ambionics/cve-2026-9082-drupal-postgresql-rce
CVE-2026-9082CRITICALsob ataque26 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
xl337x/CVE-2023-31902
CVE-2023-31902CRITICAL26 mai 2026
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
63RISCO
abrir
Exploit-DB
cPanel - CRLF Injection
CVE-2026-41940CRITICALsob ataqueransomwarewebappsphp26 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
CVE-2026-5718: Unauthenticated File Upload To RCE in DnD Upload CF7 Plugin
CVE-2026-5718HIGH26 mai 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
GitHub PoC
Complete CosmicSting (CVE-2024-34102) exploit suite for Magento/Adobe Commerce XXE vulnerability
CVE-2024-34102CRITICALsob ataque25 mai 2026
XXE can expose crypt key and other secrets granting full admin access
100RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47102HIGH25 mai 2026
LiteLLM < 1.83.10 Privilege Escalation via User Update
41RISCO
abrir
GitHub PoC
CVE-2026-38426 — strcpy() Stack Buffer Overflow in Tasmota fetch_jpg() boundary[40] (Tasmota <= 15.3.0.3)
CVE-2026-38426HIGH25 mai 2026
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary cod
41RISCO
abrir
GitHub PoC
translating original python exploit to C
CVE-2026-0073HIGH25 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-47101HIGH25 mai 2026
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
41RISCO
abrir
VulnCheck XDB
info-leak
CVE-2020-1938CRITICALsob ataque25 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-55182CRITICALsob ataqueransomware25 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
HAERIN-L/POC_CVE-2026-42880
CVE-2026-42880CRITICAL25 mai 2026
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
48RISCO
abrir
GitHub PoC
CVE-2026-33712 - Typebot <= 3.15.2 Unauthenticated SSRF via isolated-vm sandbox fetch
CVE-2026-33712CRITICAL25 mai 2026
TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls
48RISCO
abrir
GitHub PoC
CVE-2026-38427 — Integer Wraparound → Heap Buffer Overflow in Tasmota fetch_jpg() uint16_t (Tasmota <= 15.3.0.3)
CVE-2026-38427HIGH25 mai 2026
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffe
41RISCO
abrir
anteriorpágina 44 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.