Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
Basic Proof of Concept (Poc) Exploit for React RSC - CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
hook repo for cve-2024-32002
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
53RISCO
abrir ↗GitHub PoC
LunaLynx12/cve-2023-43208-poc
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir ↗GitHub PoC
0x0asif/CVE-2024-21762
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0
100RISCO
abrir ↗GitHub PoC
CVE-2024-32002 Private for Capstone Project CC10
Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
53RISCO
abrir ↗GitHub PoC★ 1
Educational lab demonstrating CVE-2018-7600 (Drupalgeddon2) Remote Code Execution using a Docker-based vulnerable Drupal 7.56 environment.
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir ↗GitHub PoC
Apache HTTP Server (2.4.49) üzerinde CVE-2021-42013 zafiyetini (Path Traversal & RCE) simüle eden Docker tabanlı sızma testi laboratuvarı.
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
100RISCO
abrir ↗GitHub PoC
🚀 Complete analysis and exploitation of CVE-2025-5548 (FreeFloat FTP Server 1.0 - NOOP Buffer Overflow) Full methodology: manual tool installation, lab environment setup, fuzzing, offset calculation, bad chars, JMP ESP and working reverse shell exploit.
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir ↗GitHub PoC
alanschmidt81/CVE-2025-5548
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir ↗GitHub PoC
Proof of concept exploit for CVE-2019-10068.
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions
100RISCO
abrir ↗GitHub PoC★ 6
MistyFir/CVE-2024-21338-Exploit
Windows Kernel Elevation of Privilege Vulnerability
83RISCO
abrir ↗GitHub PoC
A simple Docker lab and Exploit setup for CVE-2021-3156 - "Baron Samedit".
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
100RISCO
abrir ↗GitHub PoC
Scripts en Python para la explotación de CVE-2024-51482 (SQLi en ZoneMinder) — HTB CCTV
Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
75RISCO
abrir ↗GitHub PoC★ 1
CVE-2023-6329 – Authentication bypass PoC for Control iD iDSecure ≤ 4.7.43.0
Control iD iDSecure passwordCustom Authentication Bypass
75RISCO
abrir ↗GitHub PoC
Advanced SMB Honeypot: CVE-2025-33073 Research & Implementation
Windows SMB Client Elevation of Privilege Vulnerability
83RISCO
abrir ↗GitHub PoC
engranaabubakar/CVE-2022-42889
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-66398 — Signal K Server ≤ 2.18.0 RCE PoC
Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE)
53RISCO
abrir ↗GitHub PoC
Writeup of the Optimum machine from Hack The Box. This walkthrough covers the exploitation of Rejetto HttpFileServer 2.3 (CVE-2014-6287) to gain initial access, followed by privilege escalation on a Windows host using enumeration techniques and post-exploitation tools.
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c a
100RISCO
abrir ↗GitHub PoC★ 5
Comprehensive deobfuscated research of the Coruna iOS exploit kit targeting CVE-2024-23222. Analysis of WebKit Type Confusion, PAC Bypass, and Sandbox Escape
A type confusion issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.
76RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-6508 LiderAhenk Merkezi Yönetim Sistemi mimarisinde, uç birimler (agents) arası tüm istemcilerin birbirleri üzerinde 'root' yetkisiyle kod çalıştırılmasına (unauthorized rce & lateral movement) olanak tanıyan kritik güvenlik zafiyeti.
RCE in TUBITAK BILGEM's Liderahenk
48RISCO
abrir ↗GitHub PoC★ 1
PoC for CVE-2024-22393: Pixel Flood DoS in Apache Answer ≤1.2.1. Upload crafted 5KB image with fake 64Kx64K dimensions. Server allocates memory for 4B+ pixels and crashes. Find targets via "Powered by Apache Answer." Check bounty program rules before testing—DoS testing is often prohibited.
Apache Answer: Pixel Flood Attack by uploading the large pixel file
48RISCO
abrir ↗GitHub PoC
swoon69/CVE-2025-59287-Exercise-Use
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
libssh Authentication Bypass (CVE-2018-10933) Lab
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client coul
85RISCO
abrir ↗GitHub PoC★ 1
ApacheHunter detects CVE-2024-22393 in Apache Answer servers. Like Wappalyzer but CLI-based. Scans headers, page content, meta tags, and paths to identify Apache versions and vulnerable installations (≤1.2.1). No output files—just real-time results.
Apache Answer: Pixel Flood Attack by uploading the large pixel file
48RISCO
abrir ↗GitHub PoC
demo application showing off SQL Injection exploit in django 5.2.7
Potential SQL injection via _connector keyword argument in QuerySet and Q objects
53RISCO
abrir ↗GitHub PoC
OpenSSH regreSSHion (CVE-2024-6387) Lab
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir ↗GitHub PoC
OpenSSH User Enumeration (CVE-2018-15473) Lab
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.