Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC
Reproduced the fileless LPE CVE‑2026‑31431 (“Copy Fail”) on Kali Linux, then built auditd, Sigma & YARA detections to catch this stealthy kernel exploit that leaves no disk footprint.
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Controlled reproduction of CVE-2017-0144 (EternalBlue) in an isolated AWS EC2 lab — exploit analysis, Wireshark traffic capture, and MITRE ATT&CK mapping
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗GitHub PoC
A tiny explanation + PoC for CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗GitHub PoC
CVE-2026-44277
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticat
48RISCO
abrir ↗GitHub PoC★ 254
Full exploit code for CVE-2026-40369 - A Windows kernel arbitrary write vulnerability that allows browser sandbox escape from all browsers render process sandbox
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir ↗GitHub PoC★ 1
Analísis - POC - Mitigación
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization
33RISCO
abrir ↗GitHub PoC
Checker and fixer for all 13 vulnerabilities in the Next.js May 2026 security release (CVE-2026-23870)
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpo
41RISCO
abrir ↗GitHub PoC
this little script blocks the new splice-ram-privlilleg ecalation fastly befor the contributers do it ( CVE-2026-31431) (CopyFail fix)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
FrosterDL/CVE-2026-43284
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir ↗Exploit-DB
coreruleset 4.21.0 - Firewall Bypass
OWASP CRS has multipart bypass using multiple content-type parts
53RISCO
abrir ↗GitHub PoC★ 3
A Bash implementation of copyfail (CVE-2026-31431)
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC★ 6
🚀 CVE-2026-41940 cPanel/WHM Auth Bypass Exploit - Best Flow 💥 CRLF injection leads to auth bypass, session hijacking & account leak. ✅ Proxy, custom UA, keep-alive, retries, SSL verify, colored output, file save support. ⚡ Advanced PoC for pentesters.
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir ↗GitHub PoC
y0naldez/CVE-2024-28397-Js2Py-RCE
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a
48RISCO
abrir ↗GitHub PoC
sh4den/CVE-2026-31431-copyfail-aarch64
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗VulnCheck XDB
denial-of-service
PgBouncer integer overflow in PgBouncer network packet parsing
41RISCO
abrir ↗VulnCheck XDB
initial-access
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitra
100RISCO
abrir ↗GitHub PoC
vutiendat323/CVE-2021-44228_Log4Shell
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗VulnCheck XDB
info-leak
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baske
48RISCO
abrir ↗GitHub PoC★ 29
PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping
XIGNCODE3 xhunter1.sys kernel driver contains a Privilege Escalation Vulnerability
33RISCO
abrir ↗VulnCheck XDB
initial-access
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir ↗GitHub PoC★ 1
rootdirective-sec/CVE-2026-5718-Lab
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Unauthenticated Arbitrary File Upload via Non-ASCII Filename Blacklist Bypass
56RISCO
abrir ↗GitHub PoC
SystemVll/CVE-2026-31431-copyfail-aarch64
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗GitHub PoC
Quick mitigation and patch script for CVE-2026-31431 (Copy Fail) on Ubuntu/Debian VPS
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.