Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
71.180 exploits
GitHub PoC1
CVE-2026-44403-WingFTP-v8.1.2-POC-Exploit
CVE-2026-44403HIGH14 mai 2026
Wing FTP Server < 8.1.3 Authenticated Remote Code Execution via Session Serialization
41RISCO
abrir
GitHub PoC1
CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
A CopyFail CVE-2026-31431 implementation in python that isnt slop! Bring your own payload
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC46
exploit for CVE-2026-42945
CVE-2026-42945CRITICAL14 mai 2026
NGINX ngx_http_rewrite_module vulnerability
60RISCO
abrir
GitHub PoC1
Sentebale/CVE-2026-46300
CVE-2026-46300HIGH14 mai 2026
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir
GitHub PoC
A comprehensive full-lifecycle penetration testing project on Joomla 4.2.5 exploiting CVE-2023-23752 inside a Dockerized lab environment
CVE-2023-23752MEDIUMsob ataque14 mai 2026
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir
GitHub PoC1
Proof of concept exploit for CVE-2026-46391
CVE-2026-46391HIGH14 mai 2026
HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis
41RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-8181CRITICAL14 mai 2026
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-22204MEDIUMsob ataque14 mai 2026
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code exec
100RISCO
abrir
GitHub PoC
0xFuffM3/CVE-2026-31431-CopyFail
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque14 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
ydking0911/CVE-2026-4060-PoC
CVE-2026-4060HIGH14 mai 2026
Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'sort' Parameter
41RISCO
abrir
Exploit-DB
Ninja Forms Uploads - Unauthenticated PHP File Upload
CVE-2026-0740CRITICAL13 mai 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC3
masjadaan/CVE-2025-29338
CVE-2025-29338MEDIUM13 mai 2026
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buff
33RISCO
abrir
GitHub PoC1
CVE-2026-8196
CVE-2026-8196MEDIUM13 mai 2026
JeecgBoot mLogin Endpoint LoginController.java authorization
33RISCO
abrir
GitHub PoC
There is a path injection vulnerability in OpenPLC-v3, which arises from the program not performing any validity checks on the file path parameters passed in from the command line. Attackers can read any readable file by constructing malicious paths, posing a risk of information leakage.
CVE-2026-31156MEDIUM13 mai 2026
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program com
33RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-33626-Lab
CVE-2026-33626HIGH13 mai 2026
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
68RISCO
abrir
GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
CVE-2017-0144HIGHsob ataqueransomware13 mai 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
GitHub PoC254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
CVE-2026-40369HIGH13 mai 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
bogdanrotariu/cve-2026-29204-whmcs-clientarea-addonid
CVE-2026-29204CRITICAL13 mai 2026
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using anoth
48RISCO
abrir
VulnCheck XDB
local
CVE-2026-43284HIGH13 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
VulnCheck XDB
local
CVE-2024-44258HIGH13 mai 2026
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18
41RISCO
abrir
Exploit-DB
glances 4.5.2 - command injection
CVE-2026-33641HIGH13 mai 2026
Glances Vulnerable to Command Injection via Dynamic Configuration Values
41RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
VulnCheck XDB
local
CVE-2026-31431HIGHsob ataque13 mai 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
GitHub PoC
CVE-2026-44277
CVE-2026-44277CRITICAL13 mai 2026
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
48RISCO
abrir
GitHub PoC
OOB verifier for GHSA-c4j6-fc7j-m34r / CVE-2026-44578 (Next.js WebSocket-upgrade SSRF)
CVE-2026-44578HIGH13 mai 2026
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir
GitHub PoC
Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)
CVE-2026-23870HIGH13 mai 2026
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir
Exploit-DB
Flowise < 3.0.5 - Missing Authentication for Critical Function
CVE-2025-58434CRITICAL13 mai 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC1
First CTF successfully completed! This repo documents my walkthrough of TryHackMe's Simple CTF. It covers network reconnaissance (Nmap), web exploitation (CVE-2019-9053), and credential cracking. As a dev, it was great to pivot from SQLi to a Root shell by leveraging Sudo misconfigurations. Educational purposes only.
CVE-2019-905313 mai 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
anteriorpágina 59 / 2.373próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.