Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC★ 4
PoC for CVE-2026-13585
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RISCO
abrir ↗GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir ↗GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
48RISCO
abrir ↗GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
33RISCO
abrir ↗GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Missing Authentication for Critical Function
41RISCO
abrir ↗GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
Path traversal vulnerability in WinRAR
93RISCO
abrir ↗GitHub PoC★ 1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir ↗GitHub PoC
CVE-2026-25197: Authorization Bypass via IDOR — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Cloud API Authorization Bypass Through User-Controlled Key
48RISCO
abrir ↗GitHub PoC
Python Exploit for CVE: 2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir ↗GitHub PoC★ 1
Ninja Forms File Uploads <= 3.3.26 - Unauthenticated Arbitrary File Upload to RCE (CVE-2026-0740)
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir ↗GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir ↗GitHub PoC
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
41RISCO
abrir ↗GitHub PoC
e1st/CVE-2025-56015
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RISCO
abrir ↗GitHub PoC★ 1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir ↗GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RISCO
abrir ↗GitHub PoC
avitoriagomes/CVE-2024-29988
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISCO
abrir ↗GitHub PoC
amikanev/CVE-2025-23061-LAB
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RISCO
abrir ↗GitHub PoC★ 1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISCO
abrir ↗GitHub PoC
open-flaw/CVE-2025-49844
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir ↗GitHub PoC
rachidafaf/bola-CVE-2023-27524
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir ↗GitHub PoC★ 1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISCO
abrir ↗GitHub PoC
python code for CVE-2018-15473, using paramiko
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir ↗GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir ↗GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
vettrivel007/CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir ↗GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.