Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.062exploits catalogados
31.617CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8.069Nuclei 4.187Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.086 exploits
GitHub PoC★ 5
Unauthenticated PHP Object Injection to RCE in WP Activity Log <= 5.6.3.1 (CVE-2026-54806)
WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability
48RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir ↗GitHub PoC
Public disclosure for CVE-2026-43655 AppleM2ScalerCSCDriver use-after-free
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macO
41RISCO
abrir ↗GitHub PoC
Version: Download Manager 3.3.5.2 Title: Missing Authorization - Unauthenticated IDOR Exploit
WordPress Download Manager plugin <= 3.3.52 - Broken Access Control vulnerability
33RISCO
abrir ↗GitHub PoC
POC for CVE-2025-24071
Microsoft Windows File Explorer Spoofing Vulnerability
38RISCO
abrir ↗GitHub PoC
POC for CVE-2025-24893
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗GitHub PoC
webshellseo8/CVE-2026-48908-POC
Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
48RISCO
abrir ↗GitHub PoC★ 23
CVE-2026-48909 PoC
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RISCO
abrir ↗GitHub PoC
POC for CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
POC for CVE-2026-21858
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISCO
abrir ↗GitHub PoC
POC for CVE-2025-48384
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir ↗GitHub PoC
Hunt-Benito/ash-authentication-oauth2-oidc-account-takeover-cve-2026-49757-email-based-user-matching
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
48RISCO
abrir ↗GitHub PoC★ 1
Nuclei template for CVE-2026-11561 — Apinizer SSTI / RCE version detection
SSTI in Soagen Informatics' Apinizer
48RISCO
abrir ↗GitHub PoC
Technical analysis of CVE-2025-68613, a critical Expression Injection vulnerability in n8n that allows authenticated attackers to achieve Remote Code Execution (RCE)
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISCO
abrir ↗GitHub PoC
xxconi/CVE-2026-49777-CVE-2026-10735
WordPress Product Slider Pro for WooCommerce plugin < 3.5.4 - Backdoor vulnerability
63RISCO
abrir ↗GitHub PoC
adriannurrr/CVE-2026-45321-Tanstack
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
78RISCO
abrir ↗GitHub PoC
POC for CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗GitHub PoC
ubaydev/CVE-2026-11551-PoC
Branda – White Label & Branding, Free Login Page Customizer <= 3.4.29 - Unauthenticated Privilege Escalation via Account Takeover
48RISCO
abrir ↗GitHub PoC
Luisbuilds-data/cve-2024-1086-writeup
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir ↗GitHub PoC
Full compromise of TryHackMe's Ice machine — Icecast 2.0.1 RCE (CVE-2004-1561) via buffer overflow, followed by Windows privilege escalation through UAC bypass / COM hijacking. Includes detailed methodology and remediation.
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with
60RISCO
abrir ↗GitHub PoC
POC for CVE-2025-29384
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability
48RISCO
abrir ↗GitHub PoC
Traveller is an Easy Linux machine featuring a Joomla 4.2.7 travel booking website vulnerable to CVE-2023-23752, an unauthenticated REST API information disclosure that leaks database credentials, leading to admin panel access, remote code execution, and root via sudo misconfiguration.
[20230201] - Core - Improper access check in webservice endpoints
100RISCO
abrir ↗GitHub PoC
JFrog AppTrust lifecycle policy enforcement demo — shows release gate blocking CVE-2022-22965 (Spring4Shell) with waiver request flow
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir ↗GitHub PoC
aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir ↗GitHub PoC★ 3
🔥 CVE-2026-41091 SolarFlare | Microsoft Defender LPE exploit. Low-privileged users gain NT AUTHORITY\SYSTEM via Cloud Files API + NTFS junction trickery. Forces Defender to write malicious payloads to System32 with SYSTEM rights. ⚠️ Actively exploited in wild. CVSS 7.8. Patch: Defender Engine 1.1.26040.8. 🛡️ Educational PoC only.
Microsoft Defender Elevation of Privilege Vulnerability
71RISCO
abrir ↗GitHub PoC★ 1
GadaLuBau1337/CVE-2026-44578
Next.js: Server-side request forgery in applications using WebSocket upgrades
68RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.