Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.171exploits catalogados
31.690CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.069Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
Saku0512/CVE-2026-35585-poc
File Browser has a Command Injection via Hook Runner
41RISCO
abrir ↗GitHub PoC★ 1
CVE-2025-59528 Proof of Concept
Flowise has Remote Code Execution vulnerability
85RISCO
abrir ↗GitHub PoC
[First-Blood-XO] React Server Component endpoint vulnerable to CVE-2025-55182 (RCE) → enumerated SUID binaries → /usr/bin/perl had SUID set → used Perl's POSIX setuid(0) to escalate to root → read /root/flag.txt
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution
Flowise has Remote Code Execution vulnerability
85RISCO
abrir ↗GitHub PoC
DonVorrin/CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
100RISCO
abrir ↗GitHub PoC
Fork of gogs/gogs for reachability benchmark testing (CVE-2024-45337)
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
48RISCO
abrir ↗GitHub PoC
This is a special panel that is used to send POC requests with the output of responses.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 16
Combined PoC for CVE-2025-28434 and CVE-2025-59528
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC★ 1
This repository contains a Proof of Concept (PoC) exploit for CVE-2023-6972.
Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2025-58434 and CVE-2025-59528 chain POC
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC★ 2
Exploitation Silentium HTB-CTF
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
CVE-2025-58434 PoC
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC★ 1
Critical unauthenticated kill chain leading to full RCE in FlowiseAI (CVE-2025-58434 + CVE-2025-59528)
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
CVE-2025-58434 & CVE-2025-59528
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
Found 200+ vulnerabilities on scanme.nmap.org including CVE-2023-38408 (9.8 critical)
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot
70RISCO
abrir ↗GitHub PoC★ 1
kartik2005221/CVE-2025-58434-poc
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
Firefox extension for detecting and exploiting CVE-2025-55182 — Prototype Pollution RCE in Next.js React Server Actions
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Security research and CVE write-ups by Steven Amador (HackinKraken) - CVE-2022-2650, CVE-2026-39338
ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration
41RISCO
abrir ↗GitHub PoC
0xMOGA/CVE-2023-4911-Lab
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-8110 — Gogs <= 0.13.3 Arbitrary File Write via Symlink Traversal in PutContents API
File overwrite in file update API in Gogs
100RISCO
abrir ↗GitHub PoC
Proof-of-concept exploit for CVE-2019-15107 (Webmin <= 1.920) enabling unauthenticated RCE via command injection.
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnera
100RISCO
abrir ↗GitHub PoC★ 2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC★ 2
Kouf320/docker-lab-cve-2017-5638-cve-2021-41773
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir ↗GitHub PoC
CVE-2025-69212 - OpenSTAManager has an OS Command Injection in P7M File Processing
OpenSTAManager has an OS Command Injection in P7M File Processing
48RISCO
abrir ↗GitHub PoC
Roundcube Webmail post-auth RCE via PHP object deserialization (CVE-2025-49113)
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir ↗GitHub PoC
Real-world incident response for CVE-2025-55182 (React2Shell) — script injection, server remediation, and post-incident report
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 4
GOGS RCE cve-2025-8110 python script that automates the whole attack chain of creating a repository with a symlink file pointing to .git/config and then triggering rce via a poisoned sshCommand on the config file.
File overwrite in file update API in Gogs
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.