Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC
Maxime288/CVE-2026-8838-RCE
Remote Code Execution via eval() Injection in amazon-redshift-python-driver
48RISCO
abrir ↗GitHub PoC
rufflabs/CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
48RISCO
abrir ↗GitHub PoC
The code for personally reproducing the corresponding vulnerability
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
61RISCO
abrir ↗GitHub PoC
Writeup da sala Blue do TryHackMe — exploração do EternalBlue (MS17-010/CVE-2017-0143).
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗GitHub PoC
SMB Red Team Lab— NTLM Relay via LLMNR Poisoning, CVE-2007-2447, NTLMv2 Hash Cracking & NT AUTHORITY\SYSTEM on Windows 10
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir ↗GitHub PoC
PwnKit (CVE-2021-4034) Safe Checker This tool performs read-only checks and does not attempt exploitation.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
CVE-2026-30691: Stored Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitra
33RISCO
abrir ↗VulnCheck XDB
local
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path,
78RISCO
abrir ↗GitHub PoC★ 1
Dirty Frag - kernel Linux critical Vulnerability
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Xmyronn/CVE-2026-11344-RCE
code-projects Vehicle Management System New Driver Registration Form newdriver.php unrestricted upload
33RISCO
abrir ↗GitHub PoC★ 1
POC_CVE-2026-45185 for nuclei-templates
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir ↗GitHub PoC★ 1
A report on Dirty Frag, which is a Linux Local Privilege Escalation (LPE) vulnerability chain that allows an unprivileged user to gain root access
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗VulnCheck XDB
initial-access
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗VulnCheck XDB
local
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗VulnCheck XDB
local
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir ↗GitHub PoC★ 1
This repository provides proof of concept (PoC) for the CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC
A lightweight Python-based security assessment tool for detecting dangerous Cross-Origin Resource Sharing (CORS) misconfigurations - CVE-2025-34291.
Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE
100RISCO
abrir ↗GitHub PoC
Research environment and validation scripts for evaluating deserialization behaviors in MLflow and MLServer.
Command Injection in mlflow/mlflow
48RISCO
abrir ↗GitHub PoC★ 1
IOC checker for the TanStack/Mini Shai-Hulud npm supply chain attack (CVE-2026-45321)
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC
Ne0zer01/CVE-2024-27198_LAB
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗GitHub PoC
Lab for the CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir ↗GitHub PoC
Desc "CVE-2026-8053 CHECKER"-20260518-16h30-GMT+7
FlatBSON Duplicate Field Index Drift
41RISCO
abrir ↗GitHub PoC★ 3
暂无
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RISCO
abrir ↗GitHub PoC
a.k.a. React2Shell
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
CaginKyr/CVE-2026-5203
CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal
33RISCO
abrir ↗GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.