Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Investigating CVE-2022-36804
CVE-2022-36804HIGHsob ataque24 mar 2026
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir
GitHub PoC
rocket-panda/CVE-2025-9074
CVE-2025-9074CRITICAL23 mar 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC
CVE-2018-7422
CVE-2018-742223 mar 2026
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to re
50RISCO
abrir
GitHub PoC
Research-driven UPnP vulnerability scanner focusing on libupnp 1.6.19 and CVE-2012-5958.
CVE-2012-595823 mar 2026
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable
60RISCO
abrir
GitHub PoC1
Demonstrate exploitation of Signal K Server CVE-2025-66398 allowing unauthenticated attackers to inject backdoor and enable remote code execution.
CVE-2025-66398CRITICAL23 mar 2026
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
53RISCO
abrir
GitHub PoC
By PrivacyHunter
CVE-2021-43798HIGHsob ataque22 mar 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
This room is based on exploiting the notorious Log4j vulnerability ( CVE-2021-44228), also referred to as the Log4Shell. The weakness enables attackers to execute a remote code via injection of the malicious payloads into the log messages.
CVE-2021-44228CRITICALsob ataqueransomware22 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC2
This repository presents a comprehensive walkthrough of the Solar Exploiting Log4j room on TryHackMe, with a focus on understanding and exploiting the critical Log4Shell vulnerability (CVE-2021-44228).The process of triggering the exploit and gaining a reverse shell is explained in a practical and easy-to-follow manner.
CVE-2021-44228CRITICALsob ataqueransomware22 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
This repository provides a detailed walkthrough of the *Solar Exploiting Log4j room* on TryHackMe, focusing on exploiting the critical Log4Shell vulnerability (CVE-2021-44228). The project demonstrates how attackers can leverage insecure logging mechanisms in Java applications to achieve remote code execution.
CVE-2021-44228CRITICALsob ataqueransomware22 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
폰트 인덱스 처리에서 발생하는 signed overflow 취약점
CVE-2023-21716CRITICAL22 mar 2026
Microsoft Word Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
Lỗ hổng CVE-2025-64446 & CVE-2025-58034
CVE-2025-64446CRITICALsob ataque22 mar 2026
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb
100RISCO
abrir
GitHub PoC
Demonstration of the Heartbleed CVE (CVE-2014-0160), including lab setup instructions and source code to build your own Heartbleed lab for educational purposes
CVE-2014-0160HIGHsob ataque22 mar 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISCO
abrir
GitHub PoC
A detailed penetration testing walkthrough and exploitation report for the 'Portal' machine, focusing on CVE-2011-2523 (vsFTPd 2.3.4 Backdoor) to achieve root access.
CVE-2011-252321 mar 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Lab & PoC
CVE-2025-53770CRITICALsob ataqueransomware21 mar 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
SALMA-ESSAOUD/CVE-CVSS--CVE-2024-38063-IPv6-TCP-IP-Remote-Code-Execution-Analysis
CVE-2024-38063CRITICAL21 mar 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
danilo1992-sys/CVE-2021-29447
CVE-2021-29447HIGH20 mar 2026
WordPress Authenticated XXE attack when installation is running PHP 8
63RISCO
abrir
GitHub PoC
Langflow at pre-CVE-2025-3248 fix commit for variant analysis benchmarking
CVE-2025-3248CRITICALsob ataqueransomware20 mar 2026
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
100RISCO
abrir
GitHub PoC
CVE-2025-6934 Exploit Tool Unauthenticated Administrator Account Creation in WordPress Plugin Opal Estate Pro
CVE-2025-6934CRITICAL20 mar 2026
Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
68RISCO
abrir
GitHub PoC
POC for CVE-2021-3156 - Heap-based buffer overflow in sudo
CVE-2021-3156HIGHsob ataque19 mar 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC1
PoC Magento Session Reaper - CVE-2025-54236
CVE-2025-54236CRITICALsob ataque19 mar 2026
Adobe Commerce | Improper Input Validation (CWE-20)
100RISCO
abrir
GitHub PoC
SEH-based buffer overflow in Easy File Sharing Web Server 7.2, reachable through the password recovery endpoint.
CVE-2025-34096CRITICAL19 mar 2026
Easy File Sharing HTTP Server 7.2 Buffer Overflow via POST to /sendemail.ghp
63RISCO
abrir
GitHub PoC
Classic stack-based buffer overflow in War FTP Daemon 1.65 demonstrating old-school remote code execution through malformed FTP commands.
CVE-2007-156719 mar 2026
Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of s
35RISCO
abrir
GitHub PoC
Performing multiple time-based blind injections for the same character and selecting the most frequent result significantly reduces errors and improves reliability, through it is time-consuming.
CVE-2024-51482CRITICAL19 mar 2026
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir
GitHub PoC
havertz2110/CVE-2024-48510-PoC
CVE-2024-48510CRITICAL19 mar 2026
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code vi
48RISCO
abrir
GitHub PoC
vsftpd 2.3.4 Backdoor Exploit (CVE-2011-2523)
CVE-2011-252319 mar 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
tayW84/CVE-2019-10945----Python3
CVE-2019-1094519 mar 2026
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder param
35RISCO
abrir
GitHub PoC
Classic stack-based buffer overflow in Savant Web Server 3.1 demonstrating early-2000s remote memory corruption through a crafted HTTP request.
CVE-2002-112019 mar 2026
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP G
50RISCO
abrir
GitHub PoC
Exploit based in /jaiguptanick/CVE-2019-0232
CVE-2019-023219 mar 2026
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0
60RISCO
abrir
GitHub PoC
Classic stack-based buffer overflow in SLMail 5.1 showing how early mail servers could be compromised through oversized SMTP and POP3 commands.
CVE-2003-026419 mar 2026
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO arg
60RISCO
abrir
GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
anteriorpágina 62 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.