Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC
CVE-2026-5118-exp_wordpress_Divi Form Builder
CVE-2026-5118CRITICAL21 mai 2026
Divi Form Builder <= 5.1.2 - Unauthenticated Privilege Escalation via 'role'
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-9082CRITICALsob ataque21 mai 2026
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
100RISCO
abrir
GitHub PoC
CVE-2026-46680 exploit
CVE-2026-46680HIGH21 mai 2026
containerd user ID handling bypass allows runAsNonRoot evasion
41RISCO
abrir
Exploit-DB
FUXA 1.2.9 - RCE
CVE-2026-25895CRITICAL21 mai 2026
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RISCO
abrir
GitHub PoC4
PoC for CVE-2024-6678
CVE-2024-6678CRITICAL21 mai 2026
Authentication Bypass by Spoofing in GitLab
48RISCO
abrir
GitHub PoC3
CVE-2026-42945 - NGINX Rift Toolkit
CVE-2026-42945CRITICAL20 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
CVE-2026-45829CRITICAL20 mai 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RISCO
abrir
GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
CVE-2026-30950HIGH20 mai 2026
AutoGPT has Authenticated Session Hijacking via IDOR
41RISCO
abrir
GitHub PoC
A small script to apply Yellowkey mitigation based on CVE-2026-45585 instructions
CVE-2026-45585MEDIUM20 mai 2026
Windows BitLocker Security Feature Bypass Vulnerability
33RISCO
abrir
GitHub PoC
Maxime288/Fragnesia-CVE-2026-46300
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
Exploit for DirtyDecrypt - CVE-2026-31635 Local Privilege Escalation
CVE-2026-31635HIGH20 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
POC_CVE-2026-35037
CVE-2026-35037HIGH20 mai 2026
Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata
41RISCO
abrir
GitHub PoC20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
CVE-2026-31431HIGHsob ataque20 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-42271HIGHsob ataque20 mai 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
CVE-2026-45321CRITICALsob ataqueransomware20 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL20 mai 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
CVE-2026-2587CRITICAL20 mai 2026
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RISCO
abrir
GitHub PoC
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
CVE-2026-31635HIGH20 mai 2026
rxrpc: fix oversized RESPONSE authenticator length check
41RISCO
abrir
GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
CVE-2026-41651HIGH20 mai 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-42271HIGHsob ataque20 mai 2026
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RISCO
abrir
GitHub PoC
CVE-2025-8110 Proof of Concept
CVE-2025-8110HIGHsob ataque20 mai 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
CVE-2024-4367–PDF.js-xss
CVE-2024-4367MEDIUM20 mai 2026
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js c
55RISCO
abrir
GitHub PoC23
An automated exploit for CVE-2026-0073 (Android ADB TLS Auth Bypass). Features a built-in mDNS/Zeroconf scanner to instantly discover randomized Wireless Debugging ports on Android 13+ and establishes a fully interactive raw PTY shell.
CVE-2026-0073HIGH20 mai 2026
In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic err
41RISCO
abrir
GitHub PoC2
PoC for PwnKit / CVE-2021-4034 - Pkexec Local Privilege Escalation
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
anteriorpágina 51 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.