Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
Investigating CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir ↗GitHub PoC
rocket-panda/CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir ↗GitHub PoC
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to re
50RISCO
abrir ↗GitHub PoC
Research-driven UPnP vulnerability scanner focusing on libupnp 1.6.19 and CVE-2012-5958.
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RISCO
abrir ↗GitHub PoC★ 1
Demonstrate exploitation of Signal K Server CVE-2025-66398 allowing unauthenticated attackers to inject backdoor and enable remote code execution.
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
53RISCO
abrir ↗GitHub PoC
This room is based on exploiting the notorious Log4j vulnerability ( CVE-2021-44228), also referred to as the Log4Shell. The weakness enables attackers to execute a remote code via injection of the malicious payloads into the log messages.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC★ 2
This repository presents a comprehensive walkthrough of the Solar Exploiting Log4j room on TryHackMe, with a focus on understanding and exploiting the critical Log4Shell vulnerability (CVE-2021-44228).The process of triggering the exploit and gaining a reverse shell is explained in a practical and easy-to-follow manner.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
This repository provides a detailed walkthrough of the *Solar Exploiting Log4j room* on TryHackMe, focusing on exploiting the critical Log4Shell vulnerability (CVE-2021-44228). The project demonstrates how attackers can leverage insecure logging mechanisms in Java applications to achieve remote code execution.
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗GitHub PoC
폰트 인덱스 처리에서 발생하는 signed overflow 취약점
Microsoft Word Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC
Lỗ hổng CVE-2025-64446 & CVE-2025-58034
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir ↗GitHub PoC
Demonstration of the Heartbleed CVE (CVE-2014-0160), including lab setup instructions and source code to build your own Heartbleed lab for educational purposes
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISCO
abrir ↗GitHub PoC
A detailed penetration testing walkthrough and exploitation report for the 'Portal' machine, focusing on CVE-2011-2523 (vsFTPd 2.3.4 Backdoor) to achieve root access.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
SALMA-ESSAOUD/CVE-CVSS--CVE-2024-38063-IPv6-TCP-IP-Remote-Code-Execution-Analysis
Windows TCP/IP Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC
danilo1992-sys/CVE-2021-29447
WordPress Authenticated XXE attack when installation is running PHP 8
63RISCO
abrir ↗GitHub PoC
Langflow at pre-CVE-2025-3248 fix commit for variant analysis benchmarking
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir ↗GitHub PoC
CVE-2025-6934 Exploit Tool Unauthenticated Administrator Account Creation in WordPress Plugin Opal Estate Pro
Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
68RISCO
abrir ↗GitHub PoC
POC for CVE-2021-3156 - Heap-based buffer overflow in sudo
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir ↗GitHub PoC★ 1
PoC Magento Session Reaper - CVE-2025-54236
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir ↗GitHub PoC
SEH-based buffer overflow in Easy File Sharing Web Server 7.2, reachable through the password recovery endpoint.
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RISCO
abrir ↗GitHub PoC
Classic stack-based buffer overflow in War FTP Daemon 1.65 demonstrating old-school remote code execution through malformed FTP commands.
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of s
35RISCO
abrir ↗GitHub PoC
Performing multiple time-based blind injections for the same character and selecting the most frequent result significantly reduces errors and improves reliability, through it is time-consuming.
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir ↗GitHub PoC
havertz2110/CVE-2024-48510-PoC
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code vi
48RISCO
abrir ↗GitHub PoC
vsftpd 2.3.4 Backdoor Exploit (CVE-2011-2523)
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
tayW84/CVE-2019-10945----Python3
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder param
35RISCO
abrir ↗GitHub PoC
Classic stack-based buffer overflow in Savant Web Server 3.1 demonstrating early-2000s remote memory corruption through a crafted HTTP request.
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP G
50RISCO
abrir ↗GitHub PoC
Exploit based in /jaiguptanick/CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir ↗GitHub PoC
Classic stack-based buffer overflow in SLMail 5.1 showing how early mail servers could be compromised through oversized SMTP and POP3 commands.
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO arg
60RISCO
abrir ↗GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.