Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
CMS Simple CVE Recode Script Python 3
CVE-2019-905325 abr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC
Cybersecurity-Enthusiasts-CE/CVE-2025-55182-Researching-process
CVE-2025-55182CRITICALsob ataqueransomware25 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
LoGGGG2402/CVE-2025-27407
CVE-2025-27407CRITICAL25 abr 2026
Remote code execution when loading a crafted GraphQL schema
48RISCO
abrir
GitHub PoC
bhatbhupendra/Moniker-Link--CVE-2024-21413-
CVE-2024-21413CRITICALsob ataque25 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC1
im2sinister/CVE-2021-41773
CVE-2021-41773HIGHsob ataqueransomware25 abr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
DONKEY0xSHOT/CVE-2017-11882-Blocker
CVE-2017-11882HIGHsob ataqueransomware25 abr 2026
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RISCO
abrir
GitHub PoC
Some Proof-of-Concept (POCs) for CVE-2025-29927, CVE-2026-27978, and CVE-2026-29057 in Next.js.
CVE-2025-29927CRITICAL25 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
patch-manager
CVE-2019-1428725 abr 2026
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RISCO
abrir
GitHub PoC
Web application penetration testing project targeting a WordPress environment. Includes exploitation of CVE-2019-9978, reverse shell execution, post-exploitation steps, and full pentesting report.
CVE-2019-9978MEDIUMsob ataque25 abr 2026
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISCO
abrir
GitHub PoC
CVE-2024-3273 — Authorized Penetration Test Report D-Link DNS-320L NAS | Client: Otonata
CVE-2024-3273HIGHsob ataque25 abr 2026
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
100RISCO
abrir
GitHub PoC2
CVE-2025-55177 + CVE-2025-43300: reverse-engineering the WhatsApp-ImageIO zero-click iOS chain, with interactive labs.
CVE-2025-55177MEDIUMsob ataque24 abr 2026
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Bu
63RISCO
abrir
GitHub PoC
AbokorMAHAMMADMOUSSE/CVE-2025-25279-Mattermost-Path-Traversal
CVE-2025-25279CRITICAL24 abr 2026
Arbitrary file read in Mattermost Boards via import & export board archive
53RISCO
abrir
GitHub PoC
Runtime patches for algertc/alpr-dashboard: async logger fix and CVE-2025-29927 nginx mitigation
CVE-2025-29927CRITICAL24 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC1
its simple Shellshock exploit
CVE-2014-6271CRITICALsob ataque24 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC
End-to-end SOC investigation: CVE-2011-2523 kill chain, multi-source log correlation, incident report — MITRE ATT&CK T1190
CVE-2011-252324 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
HTB Season 10 - Pterodactyl machine writeup. Medium Linux box covering CVE-2025-49132 (Pterodactyl Panel RCE) and CVE-2025-6018/6019 (udisks2 privilege escalation).
CVE-2025-49132CRITICAL24 abr 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
End-to-end cybersecurity project demonstrating detection and mitigation of CVE-2024-38063 using IDS, host-based monitoring, and virtual lab attack simulation.
CVE-2024-38063CRITICAL24 abr 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
Unauthenticated_RCE.CVE-2025-47812
CVE-2025-47812CRITICALsob ataque24 abr 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC
Poc for React2Shell CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware24 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
CVE-2025-68645
CVE-2025-68645HIGHsob ataque24 abr 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir
GitHub PoC
POC exploit for CVE-2026-25895 FUXA Unauthenticated Path Traversal -> Arbitrary File Write -> RCE
CVE-2026-25895CRITICAL24 abr 2026
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RISCO
abrir
GitHub PoC
Bug Bounty: CVE-2023-50839 IDOR identified in a third-party support component via 'gau' and 'Nuclei'. Despite perimeter redirects, the outdated software remained exposed. Confirmed through manual header analysis. Severity: 5.3 (Medium). Focused on Defense in Depth failures and PII protection. Status: Reported on Intigriti.
CVE-2023-50839CRITICAL24 abr 2026
WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection
63RISCO
abrir
GitHub PoC
Cybersecurity lab demonstrating exploitation of CVE-2017-0144 (EternalBlue) using Metasploit against a vulnerable Windows 7 VM, achieving SYSTEM-level access via Meterpreter. Includes full attack chain, post exploitation, and mitigation via MS17-010 patching, tested in an isolated ethical lab environment.
CVE-2017-0144HIGHsob ataqueransomware23 abr 2026
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir
GitHub PoC
CVE-2024-3094
CVE-2024-3094CRITICAL23 abr 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC1
Recreation and analysis of a curious logic error in Apache 2.4.49 that escalated to remote code execution
CVE-2021-41773HIGHsob ataqueransomware23 abr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
HackTheBox TwoMillion machine writeup — API abuse, command injection & CVE-2023-0386
CVE-2023-0386HIGHsob ataque23 abr 2026
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir
GitHub PoC
Find jenkins environment and checks for CVE-2024-23897
CVE-2024-23897CRITICALsob ataqueransomware23 abr 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC
Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.
CVE-2025-51846HIGH22 abr 2026
CryptPad unbounded WebSocket frame flood
41RISCO
abrir
GitHub PoC
End-to-end simulation of detecting a root-less Android Drop Device (Casper) using Wazuh SIEM to capture Layer 7 attacks like Shellshock (CVE-2014-6271).
CVE-2014-6271CRITICALsob ataque22 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC
Security toolkit for CVE-2025-55182 (React2Shell) — scan, detect, correlate, and test React Server Components RCE vulnerability
CVE-2025-55182CRITICALsob ataqueransomware22 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
anteriorpágina 52 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.