Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.810GitHub PoC 13.116VulnCheck XDB 8.069Nuclei 4.188Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.114 exploits
GitHub PoC
leehunkoo/hk_CVE-2025-32433
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir ↗VulnCheck XDB
local
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
78RISCO
abrir ↗GitHub PoC★ 2
Shcesama/cve-2023-4863-analysis
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to
93RISCO
abrir ↗GitHub PoC
Spring Boot app with log4j 2.14.1 (CVE-2021-44228) — VulnFix agent test target
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2025-48595 - Draft
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to
71RISCO
abrir ↗GitHub PoC
Ez4rd1x1/CVE-2026-8181
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir ↗GitHub PoC
lorenzocamilli/CVE-2026-45332-PoC
Automad Broken Access Control: unauthenticated exposure of administrator bcrypt password hashes and TOTP secrets via public API endpoint
41RISCO
abrir ↗GitHub PoC
MrR0b0t19/CVE-2026-23744-PoC
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC★ 2
Mass exploitation tool for CVE-2026-8206 – Unauthenticated Privilege Escalation via 'handle_forgot_password' in Kirki WordPress plugin (≤6.0.6).
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir ↗GitHub PoC
Dhananjayasj/CVE-2026-34156-NocoBase-Sandbox-Escape-via-Workflow-Execution-Vulnerability-
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
75RISCO
abrir ↗GitHub PoC
"A professional walkthrough of HTB: Shocker. Demonstrates remote directory fuzzing to discover CGI scripts, manual exploitation of the Shellshock vulnerability (CVE-2014-6271), and privilege escalation via misconfigured Sudo Perl permissions using GTFOBins vectors."
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC★ 1
This utility was created during research involving MCPJam v1.4.2. The application exposes an API endpoint that accepts a server configuration object. Under certain conditions, insufficient validation may allow unintended command execution.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC★ 3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
83RISCO
abrir ↗GitHub PoC
AzDevops143/FRAGNESIA-Charan-cve-2026-46300
net: skbuff: preserve shared-frag marker during coalescing
41RISCO
abrir ↗GitHub PoC
CVE-2026-23744 Proof-of-concept.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC★ 3
Reproducible Docker lab for CVE-2024-21182 — Oracle WebLogic T3/IIOP OpaqueReference JNDI injection → unauthenticated RCE (CVE-2023-21839 patch-bypass family). One-command validate.sh.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir ↗VulnCheck XDB
initial-access
Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
68RISCO
abrir ↗GitHub PoC
Performed a Full & Fast vulnerability assessment using OpenVAS against Metasploitable2, identified the critical vsftpd Backdoor vulnerability (CVE-2011-2523), and developed containment, remediation, and incident response documentation.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗VulnCheck XDB
initial-access
Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'
48RISCO
abrir ↗VulnCheck XDB
initial-access
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions t
100RISCO
abrir ↗GitHub PoC
CVE-2026-31525 - Draft
bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
41RISCO
abrir ↗GitHub PoC
jenniferreire26/CVE-2026-39987
marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass
100RISCO
abrir ↗GitHub PoC
entr0pie/demo-cve-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.