Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC3
CVE-2026-33825
CVE-2026-33825HIGHsob ataqueransomware18 mai 2026
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC
LAT-06/CVE-2026-34197
CVE-2026-34197HIGHsob ataque18 mai 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
GitHub PoC4
IKEv2, ikeext.dll, CVE-2026-33824, double free, heap grooming, ROP, SKF fragmentation, Windows exploit, anti-debug, obfuscation, API hooking, shellcode, reverse shell
CVE-2026-33824CRITICAL18 mai 2026
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
60RISCO
abrir
GitHub PoC
cj667113/OCI-Ansible-Fix-CVE-2026-31431
CVE-2026-31431HIGHsob ataque18 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC1
这是一个面向防守和内网排查的 Apache ActiveMQ Classic 暴露面检测工具,用于辅助评估 CVE-2026-34197 相关风险。
CVE-2026-34197HIGHsob ataque18 mai 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
GitHub PoC
This repository contains information about the CVE-2026-36438
CVE-2026-36438MEDIUM18 mai 2026
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information
33RISCO
abrir
GitHub PoC
a.k.a. React2Shell
CVE-2025-55182CRITICALsob ataqueransomware18 mai 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2026-34197HIGHsob ataque18 mai 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
GitHub PoC
Ne0zer01/CVE-2024-27198_LAB
CVE-2024-27198CRITICALsob ataqueransomware18 mai 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
GitHub PoC
Attack and Defense course project focused on CVE-2017-5638 analysis, exploitation, and mitigation.
CVE-2017-5638CRITICALsob ataqueransomware18 mai 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC
Lab for the CVE-2024-27198
CVE-2024-27198CRITICALsob ataqueransomware18 mai 2026
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
100RISCO
abrir
GitHub PoC1
这是一个面向防守和内网排查的 CVE-2026-42945 静态检测工具,用于检查 NGINX ngx_http_rewrite_module 相关配置是否存在高风险 rewrite 组合。
CVE-2026-42945CRITICAL18 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC3
暂无
CVE-2026-39636MEDIUM18 mai 2026
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
33RISCO
abrir
GitHub PoC
Technical breakdown of CVE-2026-34472, an auth bypass via leaked credentials affecting ZTE H188A routers.
CVE-2026-34472HIGH18 mai 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows u
41RISCO
abrir
GitHub PoC
CVE-2026-46300 / CVE-2026-43500 / CVE-2026-31431 / CVE-2026-43284 golang hotfix
CVE-2026-46300HIGH18 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
VulnCheck XDB
local
CVE-2020-17103HIGH18 mai 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir
VulnCheck XDB
local
CVE-2020-17103HIGH17 mai 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC35
CVE-2026-46333
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
CVE-2026-0265HIGH17 mai 2026
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RISCO
abrir
GitHub PoC1
Renison-Gohel/CVE-2026-42945-NGINX-Rift
CVE-2026-42945CRITICAL17 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC3
🛡️ Script to test for NGINX CVE-2026-42945
CVE-2026-42945CRITICAL17 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC1
usmansec/-CVE-2021-4034
CVE-2021-4034HIGHsob ataque17 mai 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
DFIR investigation + 7 Suricata rules on a simulated NexaCorp intrusion (vsftpd 2.3.4 CVE-2011-2523 + MITRE Caldera C2). 4-day solo engagement (BeCode Brussels Mission 01). 54-page report, 10 findings, 7/7 rules validated by PCAP replay.
CVE-2011-252317 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC4
PoC for CVE-2023-2825: automated GitLab 16.0.0 arbitrary file read via nested public groups, project upload traversal, reusable upload paths, and clean CLI output.
CVE-2023-2825CRITICAL17 mai 2026
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a
85RISCO
abrir
GitHub PoC
Authenticated RCE PoC for Flowise version <= 3.0.5 via CustomMCP Node (CVE-2025-59528)
CVE-2025-59528CRITICAL17 mai 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque17 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL17 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
anteriorpágina 54 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.