Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
CVE-2018-13374MEDIUMsob ataqueransomware27 mar 2026
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISCO
abrir
GitHub PoC
Drupal 7 CMS vulnerable to CVE-2018-7600 (Drupalgeddon2), allowing unauthenticated remote code execution.
CVE-2018-7600CRITICALsob ataqueransomware27 mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
GitHub PoC
Sicherheitsaudit einer Drupal-Webanwendung, CVE-2018-7600 geprüft, Nmap/Burp/Metasploit
CVE-2018-7600CRITICALsob ataqueransomware26 mar 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
GitHub PoC
cisco-ise rce poc
CVE-2025-20282CRITICAL26 mar 2026
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
48RISCO
abrir
GitHub PoC1
Apache Tomcat RCE
CVE-2025-24813CRITICALsob ataque26 mar 2026
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
100RISCO
abrir
GitHub PoC
PoC exploit for CVE-2025-34282 - ThingsBoard SSRF via SVG Image Upload
CVE-2025-34282MEDIUM26 mar 2026
ThingsBoard < v4.2.1 SVG Image SSRF
33RISCO
abrir
GitHub PoC1
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
CVE-2021-44228CRITICALsob ataqueransomware26 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
Python port of the Linksys tmUnblock.cgi RCE exploit
CVE-2025-34037CRITICAL26 mar 2026
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
85RISCO
abrir
GitHub PoC
CVE-2025-64446
CVE-2025-64446CRITICALsob ataque26 mar 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir
GitHub PoC
HikvisionExploiter - это Python утилита созданная для автоматизации сканирования и проверки прямого доступа к сети камер Hikvision, нацеленная на поиск уязвимости Web interface версии 3.1.3.150324 + CVE-2021-36260
CVE-2021-36260CRITICALsob ataque26 mar 2026
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation,
100RISCO
abrir
GitHub PoC11
scanner/exploiter CVE-2026-24061 & CVE-2026-32746
CVE-2026-24061CRITICALsob ataque26 mar 2026
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RISCO
abrir
GitHub PoC
An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation.
CVE-2026-29971MEDIUM26 mar 2026
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. U
33RISCO
abrir
GitHub PoC1
Static Malware Analysis of Follina (CVE-2022-30190) from Blue Team Labs Online
CVE-2022-30190HIGHsob ataqueransomware25 mar 2026
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
PoC for CVE-2025-49596 on linux targets
CVE-2025-49596CRITICAL25 mar 2026
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
75RISCO
abrir
GitHub PoC
Researched and executed real-world CVE exploits in a controlled sandbox: CVE-2000-0168 DoS on Windows 95, ARP Spoofing with NTLMv2 credential interception on Windows XP, and Shellshock RCE via Burp Suite. All activities performed legally for educational purposes.
CVE-2000-016825 mar 2026
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file
28RISCO
abrir
GitHub PoC
pream-totaram/CVE-2024-52302-reproduction
CVE-2024-52302HIGH25 mar 2026
common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
41RISCO
abrir
GitHub PoC1
Advanced Linux Privilege Escalation research on CVE-2021-4034 (PwnKit). Features an optimized exploit with 7 polymorphic payload modes (Interactive Shell, Backdoor, User Creation, Reverse Shell, etc). Portfolio piece focused on memory corruption logic, environment variable manipulation, and anti-forensic techniques.
CVE-2021-4034HIGHsob ataque25 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
Master's Thesis research on CVE-2024-30051 (Windows DWM Heap Overflow). Features a high-reliability exploit with automated heap spray optimization, real-time logging, and empirical success-rate analysis. Portfolio piece demonstrating advanced Windows binary exploitation, heap layout manipulation, and LPE via Desktop Window Manager.
CVE-2024-30051HIGHsob ataqueransomware25 mar 2026
Windows DWM Core Library Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC5
WinRAR < 7.13 path traversal for persistency
CVE-2025-8088HIGHsob ataque25 mar 2026
Path traversal vulnerability in WinRAR
93RISCO
abrir
GitHub PoC
NeoArtemis37/OverlayFS-PrivEsc-CVE-2022-0944
CVE-2022-0944CRITICAL25 mar 2026
Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad
48RISCO
abrir
GitHub PoC
A proof-of-concept exploit demonstrating local privilege escalation to root in sudo (CVE-2025-32463) by abusing the --chroot (-R) option and injecting a malicious NSS configuration
CVE-2025-32463CRITICALsob ataque25 mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
GitHub PoC2
A Python 3 reimplementation of the classic CVE-2018-15473 OpenSSH user enumeration exploit, extended with multi-threading, wordlist support, automatic vulnerability detection, and thread-safe exploit patching.
CVE-2018-15473MEDIUM25 mar 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir
GitHub PoC
If you've been grinding through HackTheBox machines, Mailing is one of those boxes that genuinely teaches you something. It's rated Easy, runs on Windows, and chains together a few real-world vulnerabilities — a directory traversal, a credential leak, CVE-2024-21413, and a LibreOffice macro exploit. Let's walk through it step by step.
CVE-2024-21413CRITICALsob ataque25 mar 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Intentionally vulnerable Next.js RSC Docker lab for CVE-2025-55182 (React2Shell) local testing
CVE-2025-55182CRITICALsob ataqueransomware25 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Advanced security research on CVE-2025-55182 (React2Shell). Features an exploitation framework with 6 functional impact scenarios (RCE to Secret Exfiltration), an interactive reverse shell, and a complete laboratory. Portfolio piece demonstrating deep analysis of Prototype Pollution and Insecure Deserialization in React Server Components
CVE-2025-55182CRITICALsob ataqueransomware25 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
CVE-2025-55182 — React2Shell
CVE-2025-55182CRITICALsob ataqueransomware24 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Khai thác lỗ hổng bảo mật CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware24 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Technical investigation and host containment of a Critical-severity Zero-Click RCE exploit (CVE-2025-21298) using EDR telemetry and static malware analysis.
CVE-2025-21298CRITICAL24 mar 2026
Windows OLE Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
Investigating CVE-2022-36804
CVE-2022-36804HIGHsob ataque24 mar 2026
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir
GitHub PoC
CVE-2026-32794: TLS Certificate Verification Bypass in Apache Airflow Databricks Provider
CVE-2026-32794MEDIUM24 mar 2026
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
13RISCO
abrir
anteriorpágina 61 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.