Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC4
CVE-2026-42897 - Exchange Health Checker blind spot: outbound IIS URL Rewrite rules silently ignored, making EOMT mitigations invisible in diagnostic reports.
CVE-2026-42897HIGHsob ataque15 mai 2026
Microsoft Exchange Server Spoofing Vulnerability
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-0770CRITICAL15 mai 2026
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability
68RISCO
abrir
GitHub PoC13
CVE-2026-46300
CVE-2026-46300HIGH15 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC3
In‑depth technical analysis of CVE‑2026‑41096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.
CVE-2026-41096CRITICAL15 mai 2026
Windows DNS Client Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC2
CVE-2026-8181 PoC: Burst Statistics (3.4.0–3.4.1.1) authentication bypass. Python tool — single & multi-target scans, threaded workers, TXT reports. Authorized testing only. Maintainer: mürrez.
CVE-2026-8181CRITICAL15 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
Exploit-DB
Windows Snipping Tool - NTLMv2 Hash Hijack
CVE-2026-33829MEDIUM15 mai 2026
Windows Snipping Tool Spoofing Vulnerability
33RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL14 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2011-319214 mai 2026
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attac
60RISCO
abrir
GitHub PoC1
Proof of concept exploit for CVE-2026-46391
CVE-2026-46391HIGH14 mai 2026
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RISCO
abrir
GitHub PoC5
CVE-2026-8181 - Burst Statistics 3.4.0-3.4.1.1 Unauthenticated Authentication Bypass to Admin Account Takeover | Proof of Concept
CVE-2026-8181CRITICAL14 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-22204MEDIUMsob ataque14 mai 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
Exploit-DB
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
CVE-2026-2624CRITICAL14 mai 2026
Authentication Bypass in ePati's Antikor NGFW
48RISCO
abrir
VulnCheck XDB
denial-of-service
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC46
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
These detection scripts are property of the SECPlayground Platform. Two safe detection scripts. Neither drives the close_notify-mid-BDAT trigger, so they will not crash the daemon or leave panic-log entries. Both verdicts are "likely vulnerable" — distinguishing GnuTLS from OpenSSL builds remotely is not reliable without exploitation.
CVE-2026-45185CRITICAL14 mai 2026
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing p
48RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
CVE-2026-6145MEDIUM14 mai 2026
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
33RISCO
abrir
GitHub PoC1
Sentebale/CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
Snort 3 IDS → IPS lab on Kali. Custom detection rules + iptables enforcement against ICMP recon, Nmap SYN scans, Hydra FTP brute force, and vsftpd 2.3.4 backdoor (CVE-2011-2523).
CVE-2011-252314 mai 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
Exploit-DB
PJPROJECT 2.16 - Heap Bufferoverflow
CVE-2026-25994HIGH14 mai 2026
PJSIP has a heap buffer overflow in ICE with long username
41RISCO
abrir
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMsob ataque14 mai 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir
GitHub PoC19
NGINX Rift 漏洞分析与复现
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC2
CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC
Test repo: simulates CVE-2025-30066 style compromised GitHub Action (for security research/testing chainradar)
CVE-2025-30066HIGHsob ataque14 mai 2026
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 thr
83RISCO
abrir
anteriorpágina 58 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.