Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Public advisory and technical analysis for CVE-2026-36590, a NanoMQ v0.24.9 denial-of-service vulnerability.
CVE-2026-36590HIGH28 fev 2026
An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to cause a denial of service via the nni_qos_db_set function in
41RISCO
abrir
GitHub PoC
CVE-2017-9805 S2-052 PoC
CVE-2017-9805HIGHsob ataque28 fev 2026
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with a
100RISCO
abrir
GitHub PoC
Metasploit exploit for the CVE-2025-50286.
CVE-2025-50286HIGH28 fev 2026
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plug
56RISCO
abrir
GitHub PoC5
Exploit for CVE-2022-21445 of Oracle Weblogic 12.2.1.X
CVE-2022-21445CRITICALsob ataque27 fev 2026
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF
90RISCO
abrir
GitHub PoC
ArthurHendrich/CVE-2022-42475-POC
CVE-2022-42475CRITICALsob ataqueransomware27 fev 2026
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0
100RISCO
abrir
GitHub PoC7
CVE-2024-35250 demonstrates that HVCI is not a defense against data-only kernel exploits. As long as a driver bug provides an arbitrary R/W primitive, token swap remains a universal SYSTEM elevation technique — no code execution required.
CVE-2024-35250HIGHsob ataque27 fev 2026
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
91RISCO
abrir
GitHub PoC
CVE-2021-44228
CVE-2021-44228CRITICALsob ataqueransomware26 fev 2026
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir
GitHub PoC
Security Advisory & PoC for CVE-2025-70994 (Yadea T5 CWE-1390). Details on EV1527 RF replay vulnerabilities, coordinated with CISA.
CVE-2025-70994HIGH26 fev 2026
Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless ent
41RISCO
abrir
GitHub PoC
Full-chain reproduction of CVE-2022-36804 (Bitbucket RCE). Includes a Dockerized laboratory, pspy64 monitoring for null-byte injection verification, and a custom Bash exploit script. Based on Assetnote research.
CVE-2022-36804HIGHsob ataque26 fev 2026
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 bef
100RISCO
abrir
GitHub PoC2
Python implementation of CVE-2023-43208 Mirth Connect RCE (Unauth XStream)
CVE-2023-43208CRITICALsob ataqueransomware26 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC
Confluence Unauth RCE (CVE-2022-26134)
CVE-2022-26134CRITICALsob ataqueransomware26 fev 2026
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an un
100RISCO
abrir
GitHub PoC
CVE-2024-23692 | HFS 2.3m/2.4-RC07 RCE vulnerability fix
CVE-2024-23692CRITICALsob ataque26 fev 2026
Rejetto HTTP File Server 2.3m Unauthenticated RCE
100RISCO
abrir
GitHub PoC2
CVE-2025-32433 PoC – SSH Protocol Python-based PoC for controlled lab testing of SSH message handling, channel operations, and pre-auth interactions. Designed for safe security research and analysis.
CVE-2025-32433CRITICALsob ataque26 fev 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
GitHub PoC
A lightweight orchestrator and worker scanner setup for running large/continuous scans across split input files. This repository contains orchestration scripts, a Docker-based worker image, and helper scripts to run scans repeatedly and collect results.
CVE-2025-55182CRITICALsob ataqueransomware26 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Lab with PoC
CVE-2025-55182CRITICALsob ataqueransomware26 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Threat intelligence and incident response case study on LockBit ransomware exploiting CVE-2023-4966 (Citrix Bleed).
CVE-2023-4966CRITICALsob ataqueransomware25 fev 2026
Unauthenticated sensitive information disclosure
100RISCO
abrir
GitHub PoC
mirth-connect-rce-poc
CVE-2023-43208CRITICALsob ataqueransomware25 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC
Unauthenticated command injection vulnerability in Magnus Billing v7.3.0.
CVE-2023-30258CRITICAL25 fev 2026
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary com
85RISCO
abrir
GitHub PoC
glutton-su/CVE-2021-22555
CVE-2021-22555HIGHsob ataque25 fev 2026
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE
100RISCO
abrir
GitHub PoC1
PoC for CVE-2023-43208 RCE exploitation.
CVE-2023-43208CRITICALsob ataqueransomware25 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC190
RSC Detect CVE 2025 55182
CVE-2025-55182CRITICALsob ataqueransomware25 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
TeneBrae93/RocketChat-NoSQLi-Chain-CVE-2021-22911
CVE-2021-2291125 fev 2026
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenti
60RISCO
abrir
GitHub PoC
Research and proof-of-concept for CVE-2022-0185 Linux kernel heap overflow vulnerability.
CVE-2022-0185HIGHsob ataque25 fev 2026
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functio
76RISCO
abrir
GitHub PoC2
CVE-2025-69985: FUXA ≤1.2.8 Auth Bypass + RCE via /api/runscript
CVE-2025-69985CRITICAL25 fev 2026
FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnera
48RISCO
abrir
GitHub PoC1
0xjuarez/CVE-2025-47812
CVE-2025-47812CRITICALsob ataque24 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC2
The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses.
CVE-2025-38352HIGHsob ataque24 fev 2026
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
71RISCO
abrir
GitHub PoC
carlosalbertotuma/CVE-2025-32433
CVE-2025-32433CRITICALsob ataque24 fev 2026
Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
100RISCO
abrir
GitHub PoC
Unauthenticated remote code execution vulnerability in SPIP before 4.2.1.
CVE-2023-27372CRITICAL24 fev 2026
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. T
85RISCO
abrir
GitHub PoC3
A proof-of-concept exploit for CVE-2023-43208, a remote code execution vulnerability in Mirth Connect before version 4.4.1.
CVE-2023-43208CRITICALsob ataqueransomware24 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC
CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware23 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
anteriorpágina 68 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.