Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC20
CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
CVE-2026-31431HIGHsob ataque20 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
Maxime288/Fragnesia-CVE-2026-46300
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
CVE-2026-45829CRITICAL20 mai 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
53RISCO
abrir
GitHub PoC
a24ac1/CVE-2026-0740
CVE-2026-0740CRITICAL20 mai 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
Se realizó una evaluación de vulnerabilidades sobre una máquina virtual con Kali Linux utilizando un script detector para la vulnerabilidad Dirty Frag, asociada a las CVE-2026-43284 y CVE-2026-43500. Posteriormente se ejecutó un Proof of Concept (PoC) público escrito en lenguaje C para validar la posibilidad de realizar una escalada local
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
POC for CVE-2026-30950 which allows session hijacking in AutoGpt
CVE-2026-30950HIGH20 mai 2026
AutoGPT has Authenticated Session Hijacking via IDOR
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-29927CRITICAL20 mai 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
A Go implementation of dirtyfrag (CVE-2026-43284 / CVE-2026-43500)
CVE-2026-43284HIGH20 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC1
CVE-2026-2587 PoC validator for Eclipse GlassFish EL Injection RCE in the admin console gadget.jsf handler. Safe authenticated vulnerability scanner for authorized testing.
CVE-2026-2587CRITICAL20 mai 2026
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used
48RISCO
abrir
GitHub PoC
One-command scanner for the Mini Shai-Hulud npm supply-chain worm (CVE-2026-45321). Detect before rotating tokens.
CVE-2026-45321CRITICALsob ataqueransomware20 mai 2026
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir
GitHub PoC2
A Go implementation of fragnesia (CVE-2026-46300)
CVE-2026-46300HIGH20 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
Exploit for CVE-2026-41651 - PackageKit TOCTOU Local Privilege Escalation (Pack2TheRoot)
CVE-2026-41651HIGH20 mai 2026
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
41RISCO
abrir
VulnCheck XDB
local
CVE-2021-4034HIGHsob ataque20 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
The code for personally reproducing the corresponding vulnerability
CVE-2026-40217HIGH19 mai 2026
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t
41RISCO
abrir
GitHub PoC1
RedCrazyGhost/CVE-2026-42945
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
CVE-2026-30691: Stored Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer
CVE-2026-30691MEDIUM19 mai 2026
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitra
33RISCO
abrir
GitHub PoC
anonmrc/CVE-2026-34486-e-Tomcat-Tribes
CVE-2026-34486HIGH19 mai 2026
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor
61RISCO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH19 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Exploit code for CVE-2026-42096 and CVE-2026-42097 allowing for arbitrary SQL command execution without authentication.
CVE-2026-42096HIGH19 mai 2026
Broken Access Control in Sparx Pro Cloud Server
41RISCO
abrir
GitHub PoC
Maxime288/CVE-2026-8838-RCE
CVE-2026-8838CRITICAL19 mai 2026
Remote Code Execution via eval() Injection in amazon-redshift-python-driver
48RISCO
abrir
GitHub PoC
imSre9/CVE-2026-42945
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
Dirty Frag - kernel Linux critical Vulnerability
CVE-2026-43284HIGH19 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
CVE-2026-43284HIGH19 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
GitHub PoC
Xmyronn/CVE-2026-11344-RCE
CVE-2026-11344MEDIUM19 mai 2026
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RISCO
abrir
VulnCheck XDB
info-leak
CVE-2024-36420HIGH19 mai 2026
GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file
56RISCO
abrir
GitHub PoC1
CVE-2026-34474: unauthenticated ETHCheat=1 requests leak the admin password and Wi-Fi PSK from ZTE H298A/H108N routers.
CVE-2026-34474HIGH19 mai 2026
Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to
46RISCO
abrir
GitHub PoC
NGINX CVE-2026-42945 一键修复脚本
CVE-2026-42945CRITICAL19 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
local
CVE-2024-37032HIGH19 mai 2026
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir
GitHub PoC
SMB Red Team Lab— NTLM Relay via LLMNR Poisoning, CVE-2007-2447, NTLMv2 Hash Cracking & NT AUTHORITY\SYSTEM on Windows 10
CVE-2007-244719 mai 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir
anteriorpágina 52 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.