Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
VulnCheck XDB
local
CVE-2020-17103HIGH17 mai 2026
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
46RISCO
abrir
GitHub PoC1
Use CVE-2026-46333 and CVE-2026-31431 to change any user's password.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC35
CVE-2026-46333
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-8181-Lab
CVE-2026-8181CRITICAL17 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
GitHub PoC
Python script to sweep a fleet of Palo Alto firewalls and Panoramas via SSH, check PAN-OS version against CVE-2026-0265 (Authentication Bypass via Cloud Authentication Service), detect whether CAS is actually configured, and report exploitability in a color-coded summary table.
CVE-2026-0265HIGH17 mai 2026
PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled
41RISCO
abrir
GitHub PoC5
Research on `pidfd_getfd(2)`-based file descriptor leakage from privileged SUID processes. Demonstrates race-condition FD capture against OpenSSH `ssh-keysign` and exposure of sensitive root-owned file handles.
CVE-2026-46333HIGH17 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
GitHub PoC
CVE-2026-8181 | Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
CVE-2026-8181CRITICAL17 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-6433HIGH16 mai 2026
Custom CSS JS PHP <= 2.0.7 - Unauthenticated SQL Injection to RCE
56RISCO
abrir
GitHub PoC
lwd3c/CVE-2026-46586
CVE-2026-46586HIGH16 mai 2026
Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
21RISCO
abrir
GitHub PoC7
CVE-2026-44578: Next.js WebSocket Upgrade SSRF — pre-auth credential theft via localhost:80. Lab + exploit + audit.
CVE-2026-44578HIGH16 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC1
CVE-2026-44578
CVE-2026-44578HIGH16 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
CVE-2026-45091
CVE-2026-45091CRITICAL16 mai 2026
sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
48RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-59528CRITICAL16 mai 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC2
Technical breakdown of CVE-2026-34473, an unauthenticated denial of service affecting 17+ ZTE router models.
CVE-2026-34473HIGH16 mai 2026
Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-39987CRITICALsob ataque16 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
GitHub PoC
CVE-2026-6857
CVE-2026-6857HIGH16 mai 2026
Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
41RISCO
abrir
GitHub PoC
Read-only cPanel CVE-2026-41940 IOC detector for .sorry ransomware, Mr_Rot13 Filemanager backdoors, C2 callbacks, cron, SSH, and logs.
CVE-2026-41940CRITICALsob ataqueransomware16 mai 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Trigger-aware web server CVE audit for nginx and Apache. Goes beyond version matching by checking whether the vulnerable code path is actually reachable in your configuration. Classifies findings as Active / Latent / Unverified. Single-file Python 3.5+, no dependencies.
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
CVE-2026-42945 nginx 32-bit exploit lab ASLR enabled
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2023-26360HIGHsob ataque16 mai 2026
Adobe ColdFusion Improper Access Control Arbitrary code execution
100RISCO
abrir
GitHub PoC
Source-built nginx 1.25.5 container with backported CVE-2026-42945 fix, OpenSSL bump, full provenance chain, and VEX attestation.
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC18
nginx CVE scanner + RCE exploit framework (CVE-2026-42945 + 16 others)
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Free NGINX Rift CVE-2026-42945 detector for version, rewrite config, ASLR, crash logs, and exploitation indicators.
CVE-2026-42945CRITICAL16 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC4
CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestricted PHP File Upload via TinyMCE
CVE-2026-38526CRITICAL16 mai 2026
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RISCO
abrir
GitHub PoC6
CHARON — pre-built PoC for CVE-2026-46333 (Linux ptrace mm==NULL fd theft)
CVE-2026-46333HIGH16 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque16 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-39987
CVE-2026-39987CRITICALsob ataque16 mai 2026
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH16 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
anteriorpágina 55 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.