Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC★ 1
CVE-2026-44403-WingFTP-v8.1.2-POC-Exploit
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir ↗GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
Sentebale/CVE-2026-46300
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir ↗GitHub PoC★ 1
Proof of concept exploit for CVE-2026-46391
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RISCO
abrir ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir ↗VulnCheck XDB
initial-access
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir ↗GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
ydking0911/CVE-2026-4060-PoC
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RISCO
abrir ↗Exploit-DB
Ninja Forms Uploads - Unauthenticated PHP File Upload
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗GitHub PoC★ 3
masjadaan/CVE-2025-29338
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buff
33RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization
33RISCO
abrir ↗GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISCO
abrir ↗GitHub PoC
rootdirective-sec/CVE-2026-33626-Lab
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
68RISCO
abrir ↗GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗GitHub PoC★ 254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC
bogdanrotariu/cve-2026-29204-whmcs-clientarea-addonid
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using anoth
48RISCO
abrir ↗VulnCheck XDB
local
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18
41RISCO
abrir ↗Exploit-DB
glances 4.5.2 - command injection
Glances Vulnerable to Command Injection via Dynamic Configuration Values
41RISCO
abrir ↗GitHub PoC
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
48RISCO
abrir ↗GitHub PoC
OOB verifier for GHSA-c4j6-fc7j-m34r / CVE-2026-44578 (Next.js WebSocket-upgrade SSRF)
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir ↗GitHub PoC
Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir ↗Exploit-DB
Flowise < 3.0.5 - Missing Authentication for Critical Function
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC★ 1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.