Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.002exploits catalogados
31.582CVEs com exploração pública
3.462 exploits
Metasploit500
HP Poly Voice Unauthenticated Remote Code Execution
CVE-2026-0826CRITICAL01 jun 2026
Poly Voice – Possible Remote Control of Certain Poly Devices
48RISCO
abrir
Metasploit300
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
CVE-2026-46333HIGH14 mai 2026
ptrace: slightly saner 'get_dumpable()' logic
56RISCO
abrir
Metasploit400
rxkad Page-Cache Write via CVE-2026-43500
CVE-2026-43500HIGH08 mai 2026
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir
Metasploit400
xfrm-ESP Page-Cache Write via CVE-2026-43284
CVE-2026-43284HIGH08 mai 2026
xfrm: esp: avoid in-place decrypt on shared skb frags
78RISCO
abrir
Metasploit600
Dalfox Found-Action Deserialization RCE
CVE-2026-45087CRITICAL07 mai 2026
Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode
43RISCO
abrir
Metasploit300
Cisco Catalyst SD-WAN Controller vHub Authentication Bypass
CVE-2026-20182CRITICALsob ataque07 mai 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
Metasploit600
Apache ActiveMQ RCE via Jolokia addNetworkConnector
CVE-2026-34197HIGHsob ataque29 abr 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
100RISCO
abrir
Metasploit600
Copy Fail AF_ALG + authencesn Page-Cache Write
CVE-2026-31431HIGHsob ataque29 abr 2026
crypto: algif_aead - Revert to operating out-of-place
100RISCO
abrir
Metasploit600
cPanel/WHM CRLF Injection Authentication Bypass RCE
CVE-2026-41940CRITICALsob ataqueransomware28 abr 2026
WebPros cPanel and WHM Authentication Bypass via Login Flow
100RISCO
abrir
Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
CVE-2026-41459MEDIUM22 abr 2026
Xerte Online Toolkits Path Disclosure via /setup
48RISCO
abrir
Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
CVE-2026-34415CRITICAL22 abr 2026
Xerte Online Toolkits File Upload RCE via elfinder Connector
63RISCO
abrir
Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
CVE-2026-34413HIGH22 abr 2026
Xerte Online Toolkits Missing Authentication via connector.php
56RISCO
abrir
Metasploit600
Flowise CSV Agent Prompt Injection RCE
CVE-2026-41264CRITICAL22 abr 2026
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
43RISCO
abrir
Metasploit600
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
CVE-2026-34414HIGH22 abr 2026
Xerte Online Toolkits Path Traversal via connector.php
56RISCO
abrir
Metasploit300
BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner
CVE-2026-42208CRITICALsob ataque20 abr 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
Metasploit600
Paperclip AI RCE using a chain of six API calls (CVE-2026-41679).
CVE-2026-41679CRITICAL10 abr 2026
Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass
43RISCO
abrir
Metasploit600
Supsystic Contact Form Wordpress Plugin SSTI RCE
CVE-2026-4257CRITICAL30 mar 2026
Contact Form by Supsystic <= 1.7.36 - Unauthenticated Server-Side Template Injection via Prefill Functionality
75RISCO
abrir
Metasploit300
Citrix ADC (NetScaler) CVE-2026-3055 Scanner
CVE-2026-3055CRITICALsob ataque23 mar 2026
Insufficient input validation leading to memory overread
95RISCO
abrir
Metasploit600
AVideo Encoder getImage.php Unauthenticated Command Injection
CVE-2026-29058CRITICAL05 mar 2026
AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php
43RISCO
abrir
Metasploit300
AVideo Unauthenticated SQL Injection Credential Dump
CVE-2026-28501CRITICAL05 mar 2026
WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
43RISCO
abrir
Metasploit600
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
CVE-2026-27636HIGH01 mar 2026
FreeScout: Missing .htaccess in Restricted File Extensions Allows Remote Code Execution on Apache
36RISCO
abrir
Metasploit600
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
CVE-2026-28289CRITICAL01 mar 2026
FreeScout 1.8.206 Patch Bypass for CVE-2026-27636 via Zero-Width Space Character Leads to Remote Code Execution
55RISCO
abrir
Metasploit600
openDCIM install.php SQL Injection to RCE
CVE-2026-28515CRITICAL28 fev 2026
openDCIM <= 23.04 Missing Authorization in install.php
63RISCO
abrir
Metasploit600
openDCIM install.php SQL Injection to RCE
CVE-2026-28517CRITICAL28 fev 2026
openDCIM <= 23.04 OS Command Injection via dot Configuration Parameter
63RISCO
abrir
Metasploit600
openDCIM install.php SQL Injection to RCE
CVE-2026-28516CRITICAL28 fev 2026
openDCIM <= 23.04 SQL Injection in Config::UpdateParameter
43RISCO
abrir
Metasploit600
Langflow RCE
CVE-2026-27966CRITICAL25 fev 2026
Langflow has Remote Code Execution in CSV Agent
55RISCO
abrir
Metasploit300
Cisco Catalyst SD-WAN Controller Authentication Bypass
CVE-2026-20127CRITICALsob ataque25 fev 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
100RISCO
abrir
Metasploit500
GrandStream GXP1600 Unauthenticated Remote Code Execution
CVE-2026-2329CRITICAL18 fev 2026
Grandstream GXP1600 VoIP Phones - Unauthenticated stack buffer overflow
75RISCO
abrir
Metasploit600
MajorDoMo Supply Chain RCE via Update Poisoning
CVE-2026-27180CRITICAL18 fev 2026
MajorDoMo Supply Chain Remote Code Execution via Update URL Poisoning
43RISCO
abrir
Metasploit600
MajorDoMo Console Eval Unauthenticated RCE
CVE-2026-27174CRITICAL18 fev 2026
MajorDoMo Unauthenticated Remote Code Execution via Admin Console Eval
63RISCO
abrir
página 1 / 116próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.