Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC6
Chatwoot SQL injection in FilterService
CVE-2026-44706HIGH31 mar 2026
Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
41RISCO
abrir
GitHub PoC
wtbacon/cve-2018-15473
CVE-2018-15473MEDIUM31 mar 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir
GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and earlier versions. The exploit is aimed at incorrect authentication due to problems with incorrect privilege settings and command injection.
CVE-2024-11680CRITICALsob ataque31 mar 2026
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir
GitHub PoC
kaleth4/CVE-2024-6387
CVE-2024-6387HIGH31 mar 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC
Hoverfly CVE RCE
CVE-2025-54123CRITICAL31 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC1
CVE-2022-46364 Apache CXF XOP:Include SSRF / LFI
CVE-2022-46364CRITICAL31 mar 2026
Apache CXF SSRF Vulnerability
48RISCO
abrir
GitHub PoC3
Automating the exploitation of CVE-2026-7299 - Stored XSS via Database Table/Column Names in SQL Autocomplete within Appsmith =>1.99. Initial discovery 30/03/26
CVE-2026-7299MEDIUM31 mar 2026
CVE-2026-7299
33RISCO
abrir
GitHub PoC
Setup and exploit recreation for CVE-2022-42889 Text4Shell.
CVE-2022-4288930 mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir
GitHub PoC
CVE-2022-22947 vulnerability task
CVE-2022-22947CRITICALsob ataque30 mar 2026
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir
GitHub PoC
PoC CVE-2025-54123 - Hoverfly <= 1.11.3 - Authenticated Middleware Command Injection
CVE-2025-54123CRITICAL30 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC
amikanev/CVE-2025-55182-LAB
CVE-2025-55182CRITICALsob ataqueransomware30 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC1
akelaqe/CVE-2024-27348-HugeGraph-RCE
CVE-2024-27348CRITICALsob ataque30 mar 2026
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir
GitHub PoC
vettrivel007/CVE-2024-1086
CVE-2024-1086HIGHsob ataqueransomware30 mar 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir
GitHub PoC
CVE-2024-6387 OpenSSH 信号竞争漏洞(regreSSHion)分析报告及检测脚本
CVE-2024-6387HIGH30 mar 2026
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir
GitHub PoC
JacobTaylor3/CVE-2021-21220
CVE-2021-21220HIGHsob ataque30 mar 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISCO
abrir
GitHub PoC
Apache ActiveMQ (CVE-2023-46604) zafiyetinden LockBit ransomware aşamasına uzanan 419 saatlik sızma vakasının uçtan uca analizi, SIEM korelasyon kuralları ve IOC listesi.
CVE-2023-46604CRITICALsob ataqueransomware30 mar 2026
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir
GitHub PoC
0x0asif/CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware29 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2025-54123 exploit and documentation
CVE-2025-54123CRITICAL29 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC2
This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.
CVE-2022-46364CRITICAL29 mar 2026
Apache CXF SSRF Vulnerability
48RISCO
abrir
GitHub PoC1
Shashivanth009/CVE-2022-46364---Apache-CXF-XOP-Include-LFI-PoC
CVE-2022-46364CRITICAL29 mar 2026
Apache CXF SSRF Vulnerability
48RISCO
abrir
GitHub PoC7
CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include
CVE-2022-46364CRITICAL28 mar 2026
Apache CXF SSRF Vulnerability
48RISCO
abrir
GitHub PoC
BOLA/IDOR vulnerability in osTicket ajax.tickets.php | Responsible Disclosure
CVE-2026-14871HIGH28 mar 2026
osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure
38RISCO
abrir
GitHub PoC
A PoC demonstrating a RCE in Hoverfly (versions ≤ 1.11.3) by abusing the /api/v2/hoverfly/middleware endpoint and injecting a malicious middleware script
CVE-2025-54123CRITICAL28 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC
Explota vulnerabilidad
CVE-2023-43208CRITICALsob ataqueransomware28 mar 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC4
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
CVE-2021-33044CRITICALsob ataque28 mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir
GitHub PoC7
CVE-2025-54123 Hoverfly Authenticated Middleware Command Injection RCE
CVE-2025-54123CRITICAL28 mar 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC
Drupal 7 CMS vulnerable to CVE-2018-7600 (Drupalgeddon2), allowing unauthenticated remote code execution.
CVE-2018-7600CRITICALsob ataqueransomware27 mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
CVE-2018-13374MEDIUMsob ataqueransomware27 mar 2026
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISCO
abrir
GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
CVE-2020-0796CRITICALsob ataqueransomware27 mar 2026
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol h
100RISCO
abrir
GitHub PoC
BastianXploited/CVE-2025-6440
CVE-2025-6440CRITICAL27 mar 2026
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir
anteriorpágina 60 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.