Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.171exploits catalogados
31.690CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Saku0512/CVE-2026-35585-poc
CVE-2026-35585HIGH14 abr 2026
File Browser has a Command Injection via Hook Runner
41RISCO
abrir
GitHub PoC1
CVE-2025-59528 Proof of Concept
CVE-2025-59528CRITICAL13 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC
[First-Blood-XO] React Server Component endpoint vulnerable to CVE-2025-55182 (RCE) → enumerated SUID binaries → /usr/bin/perl had SUID set → used Perl's POSIX setuid(0) to escalate to root → read /root/flag.txt
CVE-2025-55182CRITICALsob ataqueransomware13 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution
CVE-2025-59528CRITICAL13 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC
DonVorrin/CVE-2023-29357
CVE-2023-29357CRITICALsob ataqueransomware13 abr 2026
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RISCO
abrir
GitHub PoC
Fork of gogs/gogs for reachability benchmark testing (CVE-2024-45337)
CVE-2024-45337CRITICAL13 abr 2026
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
48RISCO
abrir
GitHub PoC
This is a special panel that is used to send POC requests with the output of responses.
CVE-2025-55182CRITICALsob ataqueransomware13 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC16
Combined PoC for CVE-2025-28434 and CVE-2025-59528
CVE-2025-58434CRITICAL13 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC1
This repository contains a Proof of Concept (PoC) exploit for CVE-2023-6972.
CVE-2023-6972CRITICAL13 abr 2026
Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion
48RISCO
abrir
GitHub PoC
Gogs Symlink Traversal → RCE
CVE-2025-8110HIGHsob ataque13 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC1
RCE exploit for Gogs <= 0.13.3
CVE-2025-8110HIGHsob ataque12 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC3
CVE-2025-58434 and CVE-2025-59528 chain POC
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC2
Exploitation Silentium HTB-CTF
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
CVE-2025-58434 PoC
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC1
Critical unauthenticated kill chain leading to full RCE in FlowiseAI (CVE-2025-58434 + CVE-2025-59528)
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
CVE-2025-58434 & CVE-2025-59528
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
Found 200+ vulnerabilities on scanme.nmap.org including CVE-2023-38408 (9.8 critical)
CVE-2023-38408CRITICAL12 abr 2026
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot
70RISCO
abrir
GitHub PoC1
kartik2005221/CVE-2025-58434-poc
CVE-2025-58434CRITICAL12 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
Firefox extension for detecting and exploiting CVE-2025-55182 — Prototype Pollution RCE in Next.js React Server Actions
CVE-2025-55182CRITICALsob ataqueransomware12 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Security research and CVE write-ups by Steven Amador (HackinKraken) - CVE-2022-2650, CVE-2026-39338
CVE-2026-39338HIGH12 abr 2026
ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration
41RISCO
abrir
GitHub PoC
0xMOGA/CVE-2023-4911-Lab
CVE-2023-4911HIGHsob ataque11 abr 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
GitHub PoC2
CVE-2025-8110 — Gogs <= 0.13.3 Arbitrary File Write via Symlink Traversal in PutContents API
CVE-2025-8110HIGHsob ataque11 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
Proof-of-concept exploit for CVE-2019-15107 (Webmin <= 1.920) enabling unauthenticated RCE via command injection.
CVE-2019-15107CRITICALsob ataqueransomware11 abr 2026
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISCO
abrir
GitHub PoC2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
CVE-2021-41773HIGHsob ataqueransomware11 abr 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
CVE-2017-5638CRITICALsob ataqueransomware11 abr 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC
CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing
CVE-2025-69212CRITICAL11 abr 2026
OpenSTAManager has an OS Command Injection in P7M File Processing
48RISCO
abrir
GitHub PoC
Roundcube Webmail post-auth RCE via PHP object deserialization (CVE-2025-49113)
CVE-2025-49113CRITICALsob ataque11 abr 2026
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
GitHub PoC
Real-world incident response for CVE-2025-55182 (React2Shell) — script injection, server remediation, and post-incident report
CVE-2025-55182CRITICALsob ataqueransomware11 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
Ghxstsec/CVE-2025-8110
CVE-2025-8110HIGHsob ataque11 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC4
GOGS RCE cve-2025-8110 python script that automates the whole attack chain of creating a repository with a symlink file pointing to .git/config and then triggering rce via a poisoned sshCommand on the config file.
CVE-2025-8110HIGHsob ataque11 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
anteriorpágina 56 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.