Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Areeba-Zehra-Jafri/CVE-2021-41773---Apache-Path-Traversal---RCE
CVE-2021-41773HIGHsob ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
Cybersecurity lab demonstrating Apache CVE-2021-41773 path traversal vulnerability with vulnerable server simulation, scanner, and security reporting.
CVE-2021-41773HIGHsob ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC1
luoluoqingge/CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware18 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Laboratorio para el análisis y explotación del CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
Practical lab focused on vulnerability analysis and exploit development, using FreeFloat FTP Server 1.0 as an educational buffer overflow case study and documenting the setup, analysis and exploitation workflow
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
SSH Exploit Tool (Educational Use Only) 📌 Description This tool demonstrates exploitation of: CVE-2008-0166 CVE-2008-1657 It connects to vulnerable SSH services and provides: Persistent interactive shell Command execution logging Automatic PDF & DOCX report generation
CVE-2008-016618 mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISCO
abrir
GitHub PoC
A comprehensive analysis of CVE-2021-41773 (Apache HTTP Server 2.4.49), featuring vulnerability research, controlled lab-based exploitation, Proof-of-Concept development, root cause analysis, and mitigation strategies for educational and defensive security purposes.
CVE-2021-41773HIGHsob ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
A professional Python tool designed for educational penetration testing, demonstrating SSH vulnerabilities (CVE-2008-0166 / CVE-2008-1657) with interactive shell access, command logging, and automated PDF/DOCX reporting.
CVE-2008-016618 mar 2026
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that ge
45RISCO
abrir
GitHub PoC
Apache 2.4.49 Path Traversal RCE
CVE-2021-41773HIGHsob ataqueransomware18 mar 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
Red Team exploitation of CVE-2021-3156 (Baron Samedit) – Heap Buffer Overflow in Sudo leading to Local Privilege Escalation on Ubuntu 20.04
CVE-2021-3156HIGHsob ataque18 mar 2026
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir
GitHub PoC
FKShield/CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
jesusdominguez87/CVE-2025-5548
CVE-2025-5548MEDIUM18 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
CVE-2024-53677 취약점 분석 보고서
CVE-2024-53677CRITICAL18 mar 2026
Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks
70RISCO
abrir
GitHub PoC
Toddkk02/CVE-2025-29927
CVE-2025-29927CRITICAL17 mar 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
CVE-2025-29927-Nextjs 분석 보고서
CVE-2025-29927CRITICAL17 mar 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
​Detailed analysis of the 2023 MOVEit Transfer data breach (CVE-2023-34362) for CS50 Cybersecurity. This project explores the technical impact of unauthenticated SQL Injection and its consequences for global data privacy, affecting 2,700+ organizations. Special thanks to Professor David J. Malan and the CS50 staff.
CVE-2023-34362CRITICALsob ataqueransomware17 mar 2026
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.
100RISCO
abrir
GitHub PoC
a PoC for the Nagios CVE-2019-15949 rce in python
CVE-2019-15949HIGHsob ataque17 mar 2026
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios
100RISCO
abrir
GitHub PoC1
uname1able/CVE-2025-29824
CVE-2025-29824HIGHsob ataqueransomware17 mar 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC
REC Exploit is a Python-based security testing tool that automates detection of potential RCE conditions in web applications under authorized environments. It sends crafted POST requests to targets, analyzes server responses for execution indicators, and supports batch scanning with custom input, structured payload handling, and clear CLI output.
CVE-2025-55182CRITICALsob ataqueransomware17 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Proof-of-concept for CVE-2025-55182 (React2Shell): unauthenticated RCE in React Server Components / Next.js via Flight protocol deserialization.
CVE-2025-55182CRITICALsob ataqueransomware17 mar 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Security research and reproduction of CVE-2025-5548: A stack-based buffer overflow in FreeFloat FTP Server 1.0. Includes binary analysis, crash replication, and environment setup for vulnerability research.
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
CVE-2021-44228 Log4Shell — Penetration Test Writeup
CVE-2021-44228CRITICALsob ataqueransomware17 mar 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
Buffer overflow in FreeFloat FTP Server 1.0
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
PopClom/CVE-2025-5548
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
Alvarosr16/CVE-2025-5548
CVE-2025-5548MEDIUM17 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
Diego57709/CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC
CVE-2022-42889 취약점 분석보고서
CVE-2022-4288916 mar 2026
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir
GitHub PoC
CVE-2020-5902
CVE-2020-5902CRITICALsob ataqueransomware16 mar 2026
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic
100RISCO
abrir
GitHub PoC
jgs-developer/CVE-2025-5548
CVE-2025-5548MEDIUM16 mar 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
anteriorpágina 63 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.