Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC★ 1
More portable POC of copyfail LPE (CVE-2026-31431) that works on Alpine Linux
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
CVE-2026-5118-exp_wordpress_Divi Form Builder
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir ↗GitHub PoC★ 5
CVE-2026-5118 | Divi Form Builder <= 5.1.2 | Unauthenticated Privilege Escalation via Role Injection
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir ↗GitHub PoC
A Go implementation of dirtydecrypt (CVE-2026-31635)
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir ↗GitHub PoC
CVE-2026-5118 – Python2 mass exploit for Divi WordPress plugin Unauthenticated administrator registration via admin-ajax.php. Multi‑threaded scanner with nonce extraction.
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir ↗VulnCheck XDB
initial-access
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC★ 1
Intune Remediation package for the CVE-2026-45585 YellowKey BitLocker/WinRE bypass mitigation described in the provided procedure. This package removes `autofstx.exe` from the offline WinRE image's `BootExecute` value and refreshes WinRE registration so BitLocker trust is reestablished.
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir ↗GitHub PoC
「🪶」PoC (Proof of concept) of Path traversal + RCE in Apache HTTP Server 2.4.49
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC
EXPOSURE demo target: Tomcat (CVE-2016-0714) + Apache Rave (CVE-2013-1814) + Java filter-padding deps
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain s
60RISCO
abrir ↗GitHub PoC
CVE-2026-46680 exploit
containerd user ID handling bypass allows runAsNonRoot evasion
41RISCO
abrir ↗GitHub PoC
Synthetic demo target for EXPOSURE — CVE-2018-21268 (traceroute) + CVE-2018-3757 (pdf-image)
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host para
48RISCO
abrir ↗GitHub PoC
yangh-beep/CVE-2026-31431-C
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗Exploit-DB
Cockpit 359 - RCE
Cockpit: cockpit: unauthenticated remote code execution due to ssh command-line argument injection
68RISCO
abrir ↗VulnCheck XDB
initial-access
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗VulnCheck XDB
initial-access
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗GitHub PoC
Scanner para identificação de servidores com softwares SSH possivelmente vulnerável às CVEs CVE-2024-6387 e CVE-2023-48795.
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir ↗GitHub PoC★ 2
Langflow Arbitrary Directory Deletion
Langflow: Path Traversal in Langflow Knowledge Bases API
48RISCO
abrir ↗GitHub PoC
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal
90RISCO
abrir ↗GitHub PoC★ 4
0xFuffM3/CVE-2026-31635-DirtyDecrypt
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir ↗GitHub PoC
CVE-2026-31431-CopyFail---Minified-LPE-PoC
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload → RCE
Piotnet Addons for Elementor Pro <= 7.1.70 - Unauthenticated Arbitrary File Upload via Form File Upload
48RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-9082
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir ↗Exploit-DB
FUXA 1.2.9 - RCE
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RISCO
abrir ↗GitHub PoC
Vulnerability Case Study: CVE-2026-33829 (Windows Snipping Tool NTLM Coercion)
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.