Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC4
PoC for CVE-2026-13585
CVE-2026-13585HIGH07 abr 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RISCO
abrir
GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
CVE-2025-48384HIGHsob ataque07 abr 2026
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir
GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766CRITICAL07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
48RISCO
abrir
GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767MEDIUM07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
33RISCO
abrir
GitHub PoC
CVE-2026-32646: Missing Authentication on Admin Device Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-32646HIGH07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
41RISCO
abrir
GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
CVE-2025-8088HIGHsob ataque07 abr 2026
Path traversal vulnerability in WinRAR
93RISCO
abrir
GitHub PoC1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
CVE-2020-1938CRITICALsob ataque07 abr 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
CVE-2026-25197: Authorization Bypass via IDOR — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-25197CRITICAL07 abr 2026
Gardyn Cloud API Authorization Bypass Through User-Controlled Key
48RISCO
abrir
GitHub PoC
Python Exploit for CVE: 2018-9276
CVE-2018-9276HIGHsob ataque07 abr 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC1
Ninja Forms File Uploads <= 3.3.26 - Unauthenticated Arbitrary File Upload to RCE (CVE-2026-0740)
CVE-2026-0740CRITICAL07 abr 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
CVE-2011-252307 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
CVE-2025-9074CRITICAL07 abr 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC
CVE-2025-13315
CVE-2025-13315CRITICAL07 abr 2026
Unauthenticated log access in Twonky Server
75RISCO
abrir
GitHub PoC
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
CVE-2025-10681HIGH07 abr 2026
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
41RISCO
abrir
GitHub PoC
e1st/CVE-2025-56015
CVE-2025-56015HIGH07 abr 2026
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RISCO
abrir
GitHub PoC1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
CVE-2025-14847HIGHsob ataque06 abr 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
CVE-2025-30065CRITICAL06 abr 2026
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RISCO
abrir
GitHub PoC
zsxen/CVE-2025-1974
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RISCO
abrir
GitHub PoC
zsxen/cve-2025-1974-lab
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RISCO
abrir
GitHub PoC
avitoriagomes/CVE-2024-29988
CVE-2024-29988HIGHsob ataque06 abr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISCO
abrir
GitHub PoC
amikanev/CVE-2025-23061-LAB
CVE-2025-23061CRITICAL06 abr 2026
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RISCO
abrir
GitHub PoC1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
CVE-2023-32749HIGH06 abr 2026
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISCO
abrir
GitHub PoC
open-flaw/CVE-2025-49844
CVE-2025-49844CRITICAL06 abr 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
GitHub PoC
rachidafaf/bola-CVE-2023-27524
CVE-2023-27524HIGHsob ataque05 abr 2026
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
GitHub PoC1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
CVE-2023-25690CRITICAL05 abr 2026
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISCO
abrir
GitHub PoC
python code for CVE-2018-15473, using paramiko
CVE-2018-15473MEDIUM05 abr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir
GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
CVE-2017-5638CRITICALsob ataqueransomware05 abr 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
CVE-2024-21413CRITICALsob ataque05 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
vettrivel007/CVE-2024-49138
CVE-2024-49138HIGHsob ataque04 abr 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
anteriorpágina 58 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.