Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
BIG02-bot/React2Shell-CVE-2025-55182-An-lise-T-cnica
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 4
watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RISCO
abrir ↗GitHub PoC★ 2
React2Shell (CVE-2025-55182) POC
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Sn0wBaall/CVE-2023-4220-PoC
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir ↗GitHub PoC★ 3
CVE-2025-49132_PHP_PEAR_METHOD
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
scroollocker/CVE-2025-49132
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC★ 1
Exploit CVE-2025-49132 Pterodactyl Panel RCE
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
Real-world information security risk assessment based on the Oracle E-Business Suite zero-day (CVE-2025-61882). Analyses attacker methods, enterprise risks, and mitigation strategies using ISO 27001, NIST CSF, Cyber Essentials and COBIT.
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISCO
abrir ↗GitHub PoC
CVE-2025-62215 exploit development using Claude Code Agent Team
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir ↗GitHub PoC
Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability (fork from hazcod/CVE-2025-53770)
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC
A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISCO
abrir ↗GitHub PoC
Wise-Security/CVE-2025-69600
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execut
41RISCO
abrir ↗GitHub PoC
ISabbiI/PoC-Apache-CVE-2021-41773-Infrastructure-LAB
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC
Ahmedf000/CVE-2025-49132_HTB_SEASON10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
PowerShell remediation for CVE-2013-3900 (WinVerifyTrust) / Tenable Plugin 166555 using EnableCertPaddingCheck.
WinVerifyTrust Signature Validation Vulnerability
75RISCO
abrir ↗GitHub PoC
This is a modified version of the time-based SQL injection exploit for CMS Made Simple <= 2.2.9. The exploit was originally created by Daniele Scanu and has been updated for better compatibility and modern Python practices.
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC★ 4
This program Prompts you for the Local File Inclusion information and will automatically search the /etc/passwd and using the users names found will search for and download any SSH key or variation of keys to the local computer. This program also performs the CVE-2021-41773_ apache2.4.49 and 50 traversal path exploit. In addtion to other LFI Vuln
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC★ 1
This script exploits Remote Code Execution vulnerability in Pterodactyl Panel < 1.11.11
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
Wise-Security/CVE-2025-69599
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH e
48RISCO
abrir ↗GitHub PoC
Cisco iOS SNMP Overflow Exploit Toolkit (CVE-2017-6736)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISCO
abrir ↗GitHub PoC
openshift rce poc
Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
48RISCO
abrir ↗GitHub PoC★ 3
PoC exploit for CVE-2025-49132 (GHSA-24wv-6c99-f843) – Unauthenticated Remote Code Execution in Pterodactyl Panel ≤ 1.11.10
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC★ 1
Ni8mare, n8n RCE
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISCO
abrir ↗GitHub PoC★ 3
George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perfor
76RISCO
abrir ↗GitHub PoC★ 3
CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework
Adobe Experience Manager | Incorrect Authorization (CWE-863)
100RISCO
abrir ↗GitHub PoC★ 1
George0Papasotiriou/CVE-2025-59470-PostgreSQL-Command-Injection
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a mal
48RISCO
abrir ↗GitHub PoC★ 1
CVE-2025-49132: Pterodactyl Panel UnauthN LFI to RCE (w/ pearcmd) in posix sh
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir ↗GitHub PoC
bananoname/CVE-2024-6386-WPML-SSTI
WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
53RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.