Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC1
Technical analysis and proof-of-concept for CVE-2024-1086, a Linux kernel nf_tables use-after-free vulnerability leading to local privilege escalation. Includes vulnerability breakdown, affected versions, exploitation methodology, and mitigation guidance for research and educational purposes.
CVE-2024-1086HIGHsob ataqueransomware04 mar 2026
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir
GitHub PoC
HazaVVIP/CVE-2025-30208
CVE-2025-30208MEDIUM04 mar 2026
Vite bypasses server.fs.deny when using `?raw??`
70RISCO
abrir
GitHub PoC1
Faridi-m/CVE-2021-22911-RocketChat
CVE-2021-2291104 mar 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir
GitHub PoC
arrhenius975/CVE-2024-38063-Exploit-Refactoring
CVE-2024-38063CRITICAL04 mar 2026
Windows TCP/IP Remote Code Execution Vulnerability
70RISCO
abrir
GitHub PoC
CVE-2025-32463
CVE-2025-32463CRITICALsob ataque03 mar 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
GitHub PoC
CVE-2023-3452 exploit for WordPress Canto plugin RCE, HTTPS support included
CVE-2023-3452CRITICAL03 mar 2026
Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
63RISCO
abrir
GitHub PoC
CVE-2024-23897: Jenkins Arbitrary File Read Lead to RCE
CVE-2024-23897CRITICALsob ataqueransomware03 mar 2026
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir
GitHub PoC1
Demonstrate a proof-of-concept exploit for CVE-2026-2441, a high-risk Chrome use-after-free vulnerability in the Blink CSS engine.
CVE-2026-2441HIGHsob ataque03 mar 2026
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside
76RISCO
abrir
GitHub PoC
CVE-2025-68613 — n8n RCE via Expression Injection
CVE-2025-68613CRITICALsob ataque03 mar 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISCO
abrir
GitHub PoC19
Dahua IP camera CVE research toolkit (CVE-2021-33044/33045, CVE-2025-31700/31701)
CVE-2021-33044CRITICALsob ataque03 mar 2026
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir
GitHub PoC
CVE-2025-5777
CVE-2025-5777CRITICALsob ataqueransomware02 mar 2026
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
100RISCO
abrir
GitHub PoC
Metasploit module to exploit CVE-2024-46987 - an authenticated path traversal vulnerability in Camaleon CMS versions 2.8.0 through 2.8.2 and 2.9.0
CVE-2024-46987HIGH02 mar 2026
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir
GitHub PoC
Aryan20057/CVE-2023-4911
CVE-2023-4911HIGHsob ataque02 mar 2026
Glibc: buffer overflow in ld.so leading to privilege escalation
100RISCO
abrir
GitHub PoC9
gowonisgood/CVE-2025-62215-POC
CVE-2025-62215HIGHsob ataque02 mar 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC
PoC of CVE-2021-4034 (PwnKit) for personal training purposes.
CVE-2021-4034HIGHsob ataque02 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC1
CVE-2025-43529 Test
CVE-2025-43529HIGHsob ataque02 mar 2026
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and
71RISCO
abrir
GitHub PoC
Black box penetration test — WordPress exploitation, privilege escalation via CVE-2022-0847
CVE-2022-0847HIGHsob ataque01 mar 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISCO
abrir
GitHub PoC
Laravel-RCE: CVE-2017-9841
CVE-2017-9841CRITICALsob ataque01 mar 2026
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
100RISCO
abrir
GitHub PoC
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
CVE-2021-4034HIGHsob ataque01 mar 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
Time-Based Blind SQL Injection Exploit for the OpenSIPs Control Panel (or my first CVE!)
CVE-2026-36670HIGH01 mar 2026
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) pr
41RISCO
abrir
GitHub PoC
CVE-2014-0160
CVE-2014-0160HIGHsob ataque01 mar 2026
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe
100RISCO
abrir
GitHub PoC
This repository provides production-ready detection engineering content for **CVE-2025-25257**, a pre-authentication SQL Injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. Successful exploitation can lead to Remote Code Execution without any prior authentication.
CVE-2025-25257CRITICALsob ataque01 mar 2026
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerabi
100RISCO
abrir
GitHub PoC
7rootsec/CVE-2022-21661-Technical-Analysis
CVE-2022-21661HIGH01 mar 2026
SQL injection in WordPress
78RISCO
abrir
GitHub PoC
CVE-2022-22965
CVE-2022-22965CRITICALsob ataque01 mar 2026
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b
100RISCO
abrir
GitHub PoC
CVE-2017-9805 S2-052 PoC
CVE-2017-9805HIGHsob ataque28 fev 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISCO
abrir
GitHub PoC2
Async RCE scanner for CVE-2025-55182 / CVE-2025-66478 — prototype-pollution → code execution via React Server Actions.
CVE-2025-55182CRITICALsob ataqueransomware28 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Controlled penetration testing lab demonstrating CVE-2011-2523 exploitation and mitigation techniques.
CVE-2011-252328 fev 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Metasploit exploit for the CVE-2025-50286.
CVE-2025-50286HIGH28 fev 2026
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISCO
abrir
GitHub PoC1
Authenticated remote code execution in Pluck CMS before 4.7.13.
CVE-2020-2960728 fev 2026
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access
35RISCO
abrir
GitHub PoC
GarethMSheldon/CVE-2025-60787-Detection-motionEye-RCE-via-Config-Injection
CVE-2025-60787HIGH28 fev 2026
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name
61RISCO
abrir
anteriorpágina 67 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.