Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows
100RISCO
abrir ↗GitHub PoC
SonicWall security audit toolkit with vulnerable CTF lab (CVE-2021-20038, CVE-2024-53704)
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authe
100RISCO
abrir ↗GitHub PoC
CVE-2025-14847
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir ↗GitHub PoC
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 2
tempiltin/CVE-2025-10353-POC
Missing Authorization vulnerability in Melis Platform
63RISCO
abrir ↗GitHub PoC
Stored Cross-Site Scripting in "usememos" via SVG
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a us
48RISCO
abrir ↗GitHub PoC★ 3
CVE-2023-43208: Mirth Connect Pre-Auth RCE PoC
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir ↗GitHub PoC★ 1
PoC for Mirth Connect Remote Code Execution (RCE)
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir ↗GitHub PoC
danilo1992-sys/CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗GitHub PoC
PoC exploit for CVE-2024-46987 — Camaleon CMS arbitrary path traversal (file read)
Arbitrary path traversal in Camaleon CMS
61RISCO
abrir ↗GitHub PoC
RCE for WingFTP v4.7.3
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC★ 1
Educational lab demonstrating CVE-2021-36934 (HiveNightmare) - Windows LPE via shadow copy ACL misconfiguration.
Windows Elevation of Privilege Vulnerability
98RISCO
abrir ↗GitHub PoC
The flaw allows an attacker to execute arbitrary system commands on the server hosting the Pterodactyl Panel without any prior authentication.
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC★ 1
Exploitation de CVE-2022-26923
Active Directory Domain Services Elevation of Privilege Vulnerability
100RISCO
abrir ↗GitHub PoC
its970/CVE-2025-68645
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir ↗GitHub PoC
CVE-2022-37969 poc
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir ↗GitHub PoC
A practical lab demonstrating the exploitation of a critical Remote Code Execution (RCE) vulnerability in Apache Struts2 (CVE-2017-5638) using Vulhub Docker environments. Includes setup instructions and commands to run the vulnerable container.
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir ↗GitHub PoC
A proof of concept for CVE-2025-31161, using mangled HTTP header to perform unauthenticated impersonation of any user in Crush FTP server.
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unle
100RISCO
abrir ↗GitHub PoC
C reimplementation of chwoot PoC
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director
100RISCO
abrir ↗GitHub PoC
Path traversal vulnerability in Python's tarfile.
Arbitrary writes via tarfile realpath overflow
48RISCO
abrir ↗GitHub PoC
CVE-2022-24521 poc
Windows Common Log File System Driver Elevation of Privilege Vulnerability
71RISCO
abrir ↗GitHub PoC★ 4
CVE-2025-71243 - SPIP Saisies Plugin RCE (Unauthenticated PHP Code Injection)
SPIP Saisies Plugin < 5.11.1 Remote Code Execution
63RISCO
abrir ↗GitHub PoC★ 1
这是基于cve-2016-4437简单的漏洞复现代码
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attack
100RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated remote code execution vulnerability in Wing FTP Server <= 7.4.3.
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC
CVE-2014-6271 Exploit | by infrar3d
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC
Unauthenticated remote code execution vulnerability in WordPress Bricks Builder <= 1.9.6. The template render endpoint accepts PHP code without authentication, allowing arbitrary command execution as the web server user.
WordPress Bricks Theme <= 1.9.6 - Unauthenticated Remote Code Execution (RCE) vulnerability
85RISCO
abrir ↗GitHub PoC
ross-ns/WSUS-CVE-2025-59287
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
havbay/CVE-2025-47812-PoC
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC
A deep-dive security analysis into the 2020 Virgin Mobile KSA data breach. This study dissects the exploitation of CVE-2020-0688, evaluates the impact of delayed patch management, and proposes a robust multi-layered defense architecture to prevent sophisticated exfiltration tactics.
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle o
100RISCO
abrir ↗GitHub PoC★ 1
orgito1015/CVE-2025-55182-Researching-process
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.