Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.166exploits catalogados
31.689CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.135VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.165 exploits
VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 2
copy_fail:CVE-2026-31431
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir ↗GitHub PoC★ 1
Local Privilege Escalation in Amazon WorkSpaces via TOCTOU and Arbitrary File Write
Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpace
41RISCO
abrir ↗GitHub PoC★ 7
Drupal CVE-2026-9082 Blind SQL Injection Checker
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-39987 Exploitation Tool - Marimo < 0.23.0 Pre-Auth RCE (WebSocket)
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗GitHub PoC
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir ↗GitHub PoC
webdev75950-ux/nginx-rce-cve-2026-42945
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
Ethical Hacking Assessment | Practical vulnerability testing of vsftpd 2.3.4 backdoor (CVE-2011-2523) on Metasploitable2 using Kali Linux & Metasploit
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC★ 8
R3n3r0/CVE-2026-20700
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RISCO
abrir ↗GitHub PoC
felisha-elmer/Sandbox-Challenge-Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2018-13379 mass exploiter for Fortinet FortiOS SSL VPN. Extracts credentials instantly, saves to CSV + PostgreSQL. Multi-threaded, no bullshit warnings.
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.
100RISCO
abrir ↗GitHub PoC★ 1
renewablehacking/CVE-2025-55182-React-19.2.0
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir ↗GitHub PoC
CVE-2026-6279: Avada (Fusion) Builder <= 3.15.2 – Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler (fusion-builder)
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated Privilege Escalation CVE-2026-9018: Easy Elements for Elementor
Easy Elements for Elementor – Addons & Website Templates <= 1.4.5 - Unauthenticated Privilege Escalation via 'custom_meta' Parameter
41RISCO
abrir ↗GitHub PoC★ 3
CVE-2026-6279 — Avada Builder <= 3.15.2 Unauthenticated RCE via call_user_func()
Avada (Fusion) Builder <= 3.15.2 - Unauthenticated Remote Code Execution via PHP Function Injection via 'render_logics' Shortcode Attribute via Widget AJAX Handler
48RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-48172
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISCO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-11518-XSS
SourceCodester Inventory System User Management users.php cross site scripting
33RISCO
abrir ↗GitHub PoC
CVE-2026-41901
Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
48RISCO
abrir ↗GitHub PoC
Google Dorks for detecting CMS Made Simple < 2.2.10 SQL Injection (CVE-2019-9053). Built for security auditing and patch verification.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC
mein-0/cve-2025-7771
Code Execution / Escalation of Privileges in ThrottleStop
41RISCO
abrir ↗VulnCheck XDB
initial-access
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir ↗VulnCheck XDB
initial-access
LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild i
83RISCO
abrir ↗VulnCheck XDB
local
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3,
71RISCO
abrir ↗GitHub PoC
CVE-2026-6960: BookingPress Pro <= 5.6 – Unauthenticated Arbitrary File Upload
BookingPress Pro <= 5.6 - Unauthenticated Arbitrary File Upload via Signature Custom Field
48RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.