Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
Exploit-DB
Windows Snipping Tool - NTLMv2 Hash Hijack
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir ↗GitHub PoC★ 13
CVE-2026-46300
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC
tocong282/CVE-2026-44578-PoC
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir ↗GitHub PoC★ 3
Behavioral detection script for CVE-2026-42945 (NGINX Rift) — heap overflow in ngx_http_rewrite_module. No RCE, crash-based detection only.
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC
Centralized Wazuh SCA Assessment for CVE-2026-42945 on NGINX Servers
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗VulnCheck XDB
initial-access
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
60RISCO
abrir ↗GitHub PoC
byezero/nginx-cve-2026-42945-check
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC★ 4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
Microsoft Exchange Server Spoofing Vulnerability
71RISCO
abrir ↗GitHub PoC★ 6
Nuclei templates for detecting CVE-2026-44578 (Next.js WebSocket Upgrade SSRF) with multi-cloud metadata validation, Next.js fingerprinting, and real-world scanning workflows. Includes references to the original NextSSRF research and exploit tooling.
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir ↗GitHub PoC
nhh9905/CVE-2022-37969
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir ↗GitHub PoC★ 1
VsFTPd 2.3.4 Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC★ 2
Working PoC for CVE-2025-32432 - Craft CMS <= 5.6.16 unauthenticated RCE via Yii2 PhpManager gadget + nginx access.log poisoning
Craft CMS Allows Remote Code Execution
100RISCO
abrir ↗GitHub PoC
LangFlow RCE | CVE-2026-0770 | Proof-Of-Concept
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir ↗GitHub PoC
Este proyecto tiene como objetivo demostrar de forma práctica el funcionamiento del exploit Dirty COW (CVE-2016-5195), una vulnerabilidad crítica del en el kernel de Linux. Se simula un escenario realista en el que un atacante con acceso local limitado a un sistema sin parchear logra escalar sus privilegios hasta obtener acceso completo como root.
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by lev
93RISCO
abrir ↗GitHub PoC
# CVE-2026-42154 — Prometheus Remote Read Snappy DoS
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
41RISCO
abrir ↗GitHub PoC
CVE-2026-44338
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir ↗GitHub PoC
Tester for CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
Toshiba Qiomem.sys vulnerable driver POC (CVE-2026-56129)
Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insuf
33RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-44338-Lab
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
61RISCO
abrir ↗GitHub PoC★ 18
Script Python para detecção de instâncias Nginx vulneráveis ao CVE-2026-42945 em IPs, CIDRs e ASNs.
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗GitHub PoC★ 1
forxiucn/nginx-cve-2026-42945-poc
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir ↗GitHub PoC
Astianjy/CVE-2026-42203
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
41RISCO
abrir ↗VulnCheck XDB
initial-access
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.