Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC10
DaemonSet для митигации уязвимости CVE-2026-31431 (Copy Fail)
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Wazuh SCA Linux hardening policy for Copy Fail (CVE-2026-31431)
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC3
根据py版本,升级成了c和rust版本,带加密混淆、0依赖(仅技术学习与分享)
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
Temporarily removes the root password using CVE-2026-31431
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Gogs CVE-2025-8110 RCE Exploit
CVE-2025-8110HIGHsob ataque30 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
ryan2929/CVE-2026-31431
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC2
Detection rules for CVE-2026-31431 Linux LPE Vulnerability - Credit: (Copy Fail) https://copy.fail
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
TheMursalin/CVE-2025-32432
CVE-2025-32432CRITICALsob ataque30 abr 2026
Craft CMS Allows Remote Code Execution
100RISCO
abrir
GitHub PoC31
BPF-LSM mitigation for CVE-2026-31431 (Copy Fail) — denies AF_ALG socket creation cluster-wide
CVE-2026-31431HIGHsob ataque30 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Unauthenticated time-based blind SQL injection PoC for VICIdial CVE-2024-8503, with metadata extraction, resumable scans, and strict safety limits.
CVE-2024-8503CRITICAL29 abr 2026
VICIdial Unauthenticated SQL Injection
85RISCO
abrir
GitHub PoC1
Automated detection & exploitation of critical PHP vulnerabilities (CVE-2024-4577 bypass, CVE-2025-14177, CVE-2025-14180, CVE-2025-14178)
CVE-2024-4577CRITICALsob ataqueransomware29 abr 2026
Argument Injection in PHP-CGI
100RISCO
abrir
GitHub PoC
dinhthihanhle1989-max/CVE-2024-29988
CVE-2024-29988HIGHsob ataque29 abr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISCO
abrir
GitHub PoC
Escaneo de vulnerabilidades, análisis de tráfico con Wireshark y explotación controlada del CVE-2011-2523 (vsftpd 2.3.4) en entorno de red segura.
CVE-2011-252329 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC433
Cross-platform C port of the Copy Fail Linux LPE (CVE-2026-31431). Disclosed 2026-04-29 by Theori / Xint.
CVE-2026-31431HIGHsob ataque29 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Wise-Security/CVE-2026-38945
CVE-2026-38945HIGH29 abr 2026
Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary cod
41RISCO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56537
CVE-2025-56537MEDIUM28 abr 2026
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute
33RISCO
abrir
GitHub PoC1
POC for CVE-2026-39816 which allows NiFi users without execute code permissions to run arbitrary scripts
CVE-2026-39816HIGH28 abr 2026
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
21RISCO
abrir
GitHub PoC7
Time-based SQL injection PoC for CVE-2024-51482 in ZoneMinder, with reproducible Docker lab and automated data extraction.
CVE-2024-51482CRITICAL28 abr 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir
GitHub PoC
B1gN0Se/PwnKit_CVE-2021-4034
CVE-2021-4034HIGHsob ataque28 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56534
CVE-2025-56534MEDIUM28 abr 2026
A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers t
33RISCO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56536
CVE-2025-56536MEDIUM28 abr 2026
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scri
33RISCO
abrir
GitHub PoC
MarkArtamonov/OpenNebula-CVE-2025-56535
CVE-2025-56535MEDIUM28 abr 2026
A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or
33RISCO
abrir
GitHub PoC
Esta falla permite a un atacante remoto y sin ningún tipo de autenticación acceder directamente a los tickets de soporte, casos internos y a todos sus archivos adjuntos confidenciales. Al iterar y descargar de forma automatizada los registros de Aranda, dejando la información sensible expuesta a una exfiltración masiva.
CVE-2025-67223HIGH28 abr 2026
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs w
41RISCO
abrir
GitHub PoC
Log4Shell (CVE-2021-44228) defense lab — nginx + Coraza WAF dynamic module + OWASP CRS v4. Educational use only.
CVE-2021-44228CRITICALsob ataqueransomware28 abr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC1
melikesraoz/cve-2022-39227-jwt-auth-bypass-demo
CVE-2022-39227CRITICAL27 abr 2026
Python-jwt subject to Authentication Bypass by Spoofing
48RISCO
abrir
GitHub PoC
kaleth4/CVE-2021-44228
CVE-2021-44228CRITICALsob ataqueransomware27 abr 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
Analysis and PoC for CVE-2018-14847, MikroTik RouterOS Winbox information disclosure vulnerability allowing unauthenticated read access to the credential database.
CVE-2018-14847CRITICALsob ataque27 abr 2026
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated
100RISCO
abrir
GitHub PoC
Multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) discovered in diskover-community including CSRF and XSS vulnerabilities with proof-of-concept and impact analysis.
CVE-2026-38934HIGH27 abr 2026
Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker
41RISCO
abrir
GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
CVE-2025-60787HIGH26 abr 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir
GitHub PoC
A black box penetration test on HackTheBox's CCTV machine achieving full root compromise via four vulnerabilities: default credentials, SQL injection (CVE-2024-51482), password hash cracking, and Remote Code Execution in motionEye (CVE-2025-60787)
CVE-2024-51482CRITICAL26 abr 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir
anteriorpágina 51 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.