Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.116exploits catalogados
31.651CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.116 exploits
GitHub PoC★ 2
copy_fail:CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗VulnCheck XDB
initial-access
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗VulnCheck XDB
initial-access
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗VulnCheck XDB
initial-access
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗GitHub PoC★ 1
Automated scanner & post-exploitation toolkit for CVE-2026-41940 — cPanel & WHM root authentication bypass via session-file CRLF injection
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC★ 4
BitLocker TPM+PIN Hardening Against CVE-2026-45585 (YellowKey)
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Lab detection exercise for DirtyFrag (CVE-2026-43284) - Linux kernel privilege escalation via xfrm-ESP page cache corruption. Full write-up covering exploit execution, detection gaps, and corrected EQL rules using Elastic Stack
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir ↗GitHub PoC
mein-0/cve-2026-29923
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a
41RISCO
abrir ↗GitHub PoC
Ambiente Docker para demonstração prática da CVE-2025-54236 (SessionReaper): PHP Object Deserialization levando a RCE em Magento Open Source 2.4.7
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir ↗GitHub PoC
CVE-2025-47812 Poc for wingdata HTB
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC
CMS Made Simple CVE-2019-9053 Exploit (Python 3)
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC
Leemyunglyul/cve-2021-4034-mock
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
CVE-2025-55182 — Unauthenticated RCE in React Server Components (React2Shell). CVSS 10.0 exploit tool for authorized penetration testing.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
w3nch/CVE-2025-55182-in-go
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
🎓 PoC Educativo para CVE-2026-23520. Laboratorio de análisis de vulnerabilidades y mitigación controlada. 🧪
Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
48RISCO
abrir ↗GitHub PoC
felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir ↗GitHub PoC★ 1
renewablehacking/CVE-2025-55182-React-19.2.0
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2018-13379 mass exploiter for Fortinet FortiOS SSL VPN. Extracts credentials instantly, saves to CSV + PostgreSQL. Multi-threaded, no bullshit warnings.
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISCO
abrir ↗VulnCheck XDB
initial-access
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISCO
abrir ↗GitHub PoC
Langflow remote code execution exploit
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.