Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
CVE-2021-20038CRITICALsob ataqueransomware23 fev 2026
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows
100RISCO
abrir
GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
CVE-2024-53704HIGHsob ataqueransomware23 fev 2026
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RISCO
abrir
GitHub PoC
CVE-2025-14847
CVE-2025-14847HIGHsob ataque23 fev 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC
CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware23 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
tempiltin/CVE-2025-10353-POC
CVE-2025-10353CRITICAL23 fev 2026
Missing Authorization vulnerability in Melis Platform
63RISCO
abrir
GitHub PoC
Stored Cross-Site Scripting in "usememos" via SVG
CVE-2025-50738CRITICAL22 fev 2026
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a us
48RISCO
abrir
GitHub PoC3
CVE-2023-43208: Mirth Connect Pre-Auth RCE PoC
CVE-2023-43208CRITICALsob ataqueransomware22 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC1
PoC for Mirth Connect Remote Code Execution (RCE)
CVE-2023-43208CRITICALsob ataqueransomware22 fev 2026
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir
GitHub PoC
danilo1992-sys/CVE-2025-32463
CVE-2025-32463CRITICALsob ataque22 fev 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
GitHub PoC
PoC exploit for CVE-2024-46987 — Camaleon CMS arbitrary path traversal (file read)
CVE-2024-46987HIGH22 fev 2026
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir
GitHub PoC
RCE for WingFTP v4.7.3
CVE-2025-47812CRITICALsob ataque22 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC1
Educational lab demonstrating CVE-2021-36934 (HiveNightmare) - Windows LPE via shadow copy ACL misconfiguration.
CVE-2021-36934HIGHsob ataque22 fev 2026
Windows Elevation of Privilege Vulnerability
98RISCO
abrir
GitHub PoC
The flaw allows an attacker to execute arbitrary system commands on the server hosting the Pterodactyl Panel without any prior authentication.
CVE-2025-49132CRITICAL21 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC1
Exploitation de CVE-2022-26923
CVE-2022-26923HIGHsob ataque21 fev 2026
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir
GitHub PoC
its970/CVE-2025-68645
CVE-2025-68645HIGHsob ataque21 fev 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir
GitHub PoC
CVE-2022-37969 poc
CVE-2022-37969HIGHsob ataque20 fev 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC
A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container.
CVE-2017-5638CRITICALsob ataqueransomware20 fev 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC
A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server.
CVE-2025-31161CRITICALsob ataqueransomware20 fev 2026
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISCO
abrir
GitHub PoC
C reimplementation of chwoot PoC
CVE-2025-32463CRITICALsob ataque20 fev 2026
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir
GitHub PoC
Path traversal vulnerability in Python's tarfile.
CVE-2025-4517CRITICAL20 fev 2026
Arbitrary writes via tarfile realpath overflow
48RISCO
abrir
GitHub PoC
CVE-2022-24521 poc
CVE-2022-24521HIGHsob ataqueransomware19 fev 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC4
CVE-2025-71243 - SPIP Saisies Plugin RCE (Unauthenticated PHP Code Injection)
CVE-2025-71243CRITICAL19 fev 2026
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RISCO
abrir
GitHub PoC1
这是基于cve-2016-4437简单的漏洞复现代码
CVE-2016-4437CRITICALsob ataque19 fev 2026
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISCO
abrir
GitHub PoC1
Unauthenticated remote code execution vulnerability in Wing FTP Server <= 7.4.3.
CVE-2025-47812CRITICALsob ataque19 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC
CVE-2014-6271 Exploit | by infrar3d
CVE-2014-6271CRITICALsob ataque19 fev 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC
Unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The template render endpoint accepts PHP code without authentication, allowing arbitrary command execution as the web server user.
CVE-2024-25600CRITICAL18 fev 2026
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir
GitHub PoC
ross-ns/WSUS-CVE-2025-59287
CVE-2025-59287CRITICALsob ataque18 fev 2026
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
havbay/CVE-2025-47812-PoC
CVE-2025-47812CRITICALsob ataque18 fev 2026
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir
GitHub PoC
A deep-dive security analysis into the 2020 Virgin Mobile KSA data breach. This study dissects the exploitation of CVE-2020-0688, evaluates the impact of delayed patch management, and proposes a robust multi-layered defense architecture to prevent sophisticated exfiltration tactics.
CVE-2020-0688HIGHsob ataqueransomware18 fev 2026
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir
GitHub PoC1
orgito1015/CVE-2025-55182-Researching-process
CVE-2025-55182CRITICALsob ataqueransomware18 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
anteriorpágina 69 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.