Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
A bash script for mitigating linux dirtyfrag exploit CVE-2026-43500, and fragnesia
CVE-2026-43500HIGH09 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
GitHub PoC
Black-box penetration test on Metasploitable 2 — Identified 3 critical vulnerabilities including CVE-2011-2523. Conducted in isolated VMware lab. Tools: Nmap, Metasploit, Netcat.
CVE-2011-252309 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Educational cybersecurity project demonstrating exploitation and mitigation of CVE-2020-25213 (WordPress File Manager Plugin RCE). Includes malware simulation, VAPT analysis, and security patch implementation in a controlled lab environment.
CVE-2020-25213CRITICALsob ataque09 mai 2026
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitra
100RISCO
abrir
GitHub PoC
This script will attempt to mitigate the copy_fail attack. CVE-2026-31431
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC3
Read-only checker for CVE-2026-31431 (algif_aead local root). Reports kernel/module state and suggests mitigations.
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2020-1938 Exploit
CVE-2020-1938CRITICALsob ataque09 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
Helios973/CVE-2026-31431_exp.c
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Defensive exposure assessment tool for identifying externally accessible cPanel, WHM, and Webmail management interfaces related to CVE-2026-41940.
CVE-2026-41940CRITICALsob ataqueransomware09 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Hunt-Benito/copy-fail-cve-2026-31431-linux-kernel-page-cache-lpe
CVE-2026-31431HIGHsob ataque09 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Paranoid disable Linux IPsec ESP support (esp4/esp6) and RxRPC support.
CVE-2026-43284HIGH08 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-34197-Lab
CVE-2026-34197HIGHsob ataque08 mai 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
GitHub PoC
HiteshGorana/susvibes-jupyter-server-cve-2026-35397
CVE-2026-35397HIGH08 mai 2026
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
21RISCO
abrir
GitHub PoC2
Vulnerability detection and mitigation tool for Copy Fail and Dirty Frag bugs (CVE-2026-31431, CVE-2026-43284, CVE-2026-43500)
CVE-2026-31431HIGHsob ataque08 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC22
Detector + PoC for Linux page-cache write vulnerabilities: Copy Fail (CVE-2026-31431) and Dirty Frag (CVE-2026-43284/43500). Authorized security research only.
CVE-2026-31431HIGHsob ataque08 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation
CVE-2026-33534MEDIUM08 mai 2026
EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation
48RISCO
abrir
GitHub PoC
Linux Kernel Local Privilege Escalation
CVE-2026-31431HIGHsob ataque08 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Full exploit chain lab and Suricata IDS detection for CVE-2022-30190 (Follina) - MSDT RCE
CVE-2022-30190HIGHsob ataqueransomware08 mai 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Kernel LPE PoC & Mitigation Toolkit - ROSN-LR5-Full (CVE-2026-31431)
CVE-2026-31431HIGHsob ataque08 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
A fully refactored, Python 3 compatible exploit script for Tomcat Ghostcat (CVE-2020-1938 / CNVD-2020-10487) AJP Local File Inclusion
CVE-2020-1938CRITICALsob ataque08 mai 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
A Rust honeypot that simulates a vulnerable cPanel/WHM instance for CVE-2026-41940
CVE-2026-41940CRITICALsob ataqueransomware08 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
GitHub PoC
Detection rules for CVE-2026-23918 Apache http2 RCE - Credit: stringa.ai, isec.pl
CVE-2026-23918HIGH08 mai 2026
Apache HTTP Server: http2: double free and possible RCE on early reset
53RISCO
abrir
GitHub PoC
Xmyronn/CVE-2026-10243-AUTH
CVE-2026-10243MEDIUM08 mai 2026
code-projects Smart Parking System Admin Endpoint missing authentication
33RISCO
abrir
GitHub PoC
ameerhamza-malik/CVE-2026-42796
CVE-2026-42796CRITICAL08 mai 2026
Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
28RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-3844-Lab
CVE-2026-3844CRITICAL08 mai 2026
Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote
75RISCO
abrir
GitHub PoC
AegisGraph: graph-based application-layer assessment evidence platform for Secure Messaging Applications (SMAs). DARPA ASEMA HR0011SB20254-12 Tier 3 research. ReproChain CVE-2023-4863 reachability + PolyDiff differential parser fuzzing + claim-state governance + reproducible benchmark surface.
CVE-2023-4863HIGHsob ataque08 mai 2026
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISCO
abrir
GitHub PoC
Sidjaz/CrushFTP-CVE-2024-4040-Proof-of-Concept
CVE-2024-4040CRITICALsob ataque08 mai 2026
Unauthenticated arbitrary file read and remote code execution in CrushFTP
100RISCO
abrir
GitHub PoC1
kyukazamiqq/cve-2026-5718
CVE-2026-5718HIGH08 mai 2026
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir
GitHub PoC3
Wazuh 4.14.4 detection rules for CVE-2026-43284 / CVE-2026-43500 (Dirty Frag) - Linux Local Privilege Escalation via page cache write
CVE-2026-43284HIGH08 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
CVE-2026-31431 ("Copy Fail") vulnerability detector & exploit on Astra linux 1.7.6 with 3.7+ python
CVE-2026-31431HIGHsob ataque08 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Full black-box penetration test against SecOS:1 (VulnHub) — CSRF exploitation, privilege escalation via CVE-2015-1328 (OverlayFS), post-exploitation
CVE-2015-132808 mai 2026
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does no
50RISCO
abrir
anteriorpágina 46 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.