Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
PoC of CVE-2021-44228
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
Educational Proof-of-Concept for the CVE-2022-30190 (Follina) vulnerability.
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC★ 1
Hunt-Benito/samsung-exynos-sms-stack-overflow-cve-2025-54328-critical-zero-click-baseband-rce
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21
48RISCO
abrir ↗GitHub PoC
CVE-2025-55182 Auto Scanner - Improved Version For authorized CTF/testing purposes only
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
powerfull rust cve-2025-55182-scanner used for ctf & ethical purpose only
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
CVE-2025-55182 (React2Shell) PoC: Unauthenticated RCE affecting React 19.x and Next.js < 15.1.4. Exploits vulnerabilities in the RSC Flight protocol.
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Browser-based MCP CTF — OAuth token confusion and session isolation failure (CVE-2025-49596 pattern). DevTools only.
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
75RISCO
abrir ↗GitHub PoC★ 6
High-interaction honeypot mimicking a vulnerable Laravel/Livewire app. Captures RCE exploits and webshells targeting CVE-2024-47823, CVE-2025-54068, and CVE-2025-14894, then analyzes them in sandboxed Docker containers to extract IOCs.
Livewire vulnerable to remote command execution during property update hydration
100RISCO
abrir ↗GitHub PoC
CVE-2021-22911 Rocket.Chat NoSQL Injection RCE Exploit - Educational Purpose
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir ↗GitHub PoC
Demo to remediate CVE-2023-20198 using forward networks and tines
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS
100RISCO
abrir ↗GitHub PoC
Improper Access Control in Mysterium Node before v1.36.0
Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node from v1.21.1-rc0 before v1.36.0 allows a
48RISCO
abrir ↗GitHub PoC★ 2
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file.
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗GitHub PoC
Estudio técnico de la vulnerabilidad CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir ↗GitHub PoC
Exploiting WordPress vulnerabilities (CVE-2025-34077), authentication bypass via cookie injection, and privilege escalation to root. Part of my Cybersecurity Specialization.
WordPress Pie Register Plugin ≤ 3.7.1.4 Authentication Bypass RCE
63RISCO
abrir ↗GitHub PoC
Performed a live cybersecurity assessment on a university Linux server. During analysis, active attack activity was identified, including brute-force authentication attempts and exploitation attempts targeting Log4Shell (CVE-2021-44228).
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
kaleth4/-CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC
Xibo CMS CVE-2023-33177 Vulnerability Tester
Xibo CMS vulnerable to Remote Code Execution through Zip Slip
41RISCO
abrir ↗GitHub PoC
kaleth4/CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC
Majdae/CVE-2025-47812-Research
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-63353
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-s
48RISCO
abrir ↗GitHub PoC
Unauthenticated RCE vulnerability in Fuel CMS 1.4.1.
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This ca
60RISCO
abrir ↗GitHub PoC
cyb3rk0ala/THM-MagnusBilling-CVE-2023-30258-Exploit
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISCO
abrir ↗GitHub PoC
CVE-2020-1938-Tomcat-AJP(Ghostcat)-Analysis
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir ↗GitHub PoC
Security review уязвимости CVE-2024-3094 с открытым исходным кодом
Xz: malicious code in distributed source
70RISCO
abrir ↗GitHub PoC
doaso/CVE-2023-42115
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
53RISCO
abrir ↗GitHub PoC
HackTheBox — Pterodactyl (Medium/Linux) walkthrough. CVE-2025-49132 LFI → pearcmd RCE → bcrypt crack → SSH. Privesc via CVE-2025-6018 (PAM pam_environment bypass) + CVE-2025-6019 (udisks2 XFS resize race condition, nosuid bypass) → root. Full notes and steps included.
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
41RISCO
abrir ↗GitHub PoC
CVE-2026-32662: Active Debug Code in Production — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Active Debug Code
33RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.