Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
BIG02-bot/React2Shell-CVE-2025-55182-An-lise-T-cnica
CVE-2025-55182CRITICALsob ataqueransomware13 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC4
watchtowrlabs/watchTowr-vs-SolarWinds-WebHelpDesk-CVE-2025-40552-CVE-2025-40553
CVE-2025-40552CRITICAL13 fev 2026
SolarWinds Web Help Desk Authentication Bypass Vulnerability
75RISCO
abrir
GitHub PoC2
React2Shell (CVE-2025-55182) POC
CVE-2025-55182CRITICALsob ataqueransomware12 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Sn0wBaall/CVE-2023-4220-PoC
CVE-2023-4220HIGH12 fev 2026
Chamilo LMS Unauthenticated Big Upload File Remote Code Execution
78RISCO
abrir
GitHub PoC3
CVE-2025-49132_PHP_PEAR_METHOD
CVE-2025-49132CRITICAL12 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
scroollocker/CVE-2025-49132
CVE-2025-49132CRITICAL12 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC1
Exploit CVE-2025-49132 Pterodactyl Panel RCE
CVE-2025-49132CRITICAL12 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
Real-world information security risk assessment based on the Oracle E-Business Suite zero-day (CVE-2025-61882). Analyses attacker methods, enterprise risks, and mitigation strategies using ISO 27001, NIST CSF, Cyber Essentials and COBIT.
CVE-2025-61882CRITICALsob ataqueransomware12 fev 2026
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISCO
abrir
GitHub PoC
CVE-2025-62215 exploit development using Claude Code Agent Team
CVE-2025-62215HIGHsob ataque11 fev 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC
Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability (fork from hazcod/CVE-2025-53770)
CVE-2025-53770CRITICALsob ataqueransomware11 fev 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)
CVE-2017-6736HIGHsob ataque11 fev 2026
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISCO
abrir
GitHub PoC
Wise-Security/CVE-2025-69600
CVE-2025-69600HIGH11 fev 2026
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execut
41RISCO
abrir
GitHub PoC
IsmaelCosma/CVE-2025-8088
CVE-2025-8088HIGHsob ataque11 fev 2026
Path traversal vulnerability in WinRAR
93RISCO
abrir
GitHub PoC
ISabbiI/PoC-Apache-CVE-2021-41773-Infrastructure-LAB
CVE-2021-41773HIGHsob ataqueransomware11 fev 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
Ahmedf000/CVE-2025-49132_HTB_SEASON10
CVE-2025-49132CRITICAL11 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
PowerShell remediation for CVE-2013-3900 (WinVerifyTrust) / Tenable Plugin 166555 using EnableCertPaddingCheck.
CVE-2013-3900MEDIUMsob ataque11 fev 2026
WinVerifyTrust Signature Validation Vulnerability
75RISCO
abrir
GitHub PoC
This is a modified version of the time-based SQL injection exploit for CMS Made Simple <= 2.2.9. The exploit was originally created by Daniele Scanu and has been updated for better compatibility and modern Python practices.
CVE-2019-905311 fev 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC4
This program Prompts you for the Local File Inclusion information and will automatically search the /etc/passwd and using the users names found will search for and download any SSH key or variation of keys to the local computer. This program also performs the CVE-2021-41773_ apache2.4.49 and 50 traversal path exploit. In addtion to other LFI Vuln
CVE-2021-41773HIGHsob ataqueransomware11 fev 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC1
This script exploits Remote Code Execution vulnerability in Pterodactyl Panel < 1.11.11
CVE-2025-49132CRITICAL11 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
Wise-Security/CVE-2025-69599
CVE-2025-69599CRITICAL11 fev 2026
RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH e
48RISCO
abrir
GitHub PoC
Cisco iOS SNMP Overflow Exploit Toolkit (CVE-2017-6736)
CVE-2017-6736HIGHsob ataque11 fev 2026
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISCO
abrir
GitHub PoC
openshift rce poc
CVE-2024-7387CRITICAL11 fev 2026
Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
48RISCO
abrir
GitHub PoC3
PoC exploit for CVE-2025-49132 (GHSA-24wv-6c99-f843) – Unauthenticated Remote Code Execution in Pterodactyl Panel ≤ 1.11.10
CVE-2025-49132CRITICAL11 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC1
Ni8mare, n8n RCE
CVE-2026-21858CRITICAL11 fev 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISCO
abrir
GitHub PoC3
George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
CVE-2025-14174HIGHsob ataque10 fev 2026
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perfor
76RISCO
abrir
GitHub PoC3
CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework
CVE-2025-54253CRITICALsob ataque10 fev 2026
Adobe Experience Manager | Incorrect Authorization (CWE-863)
100RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-59470-PostgreSQL-Command-Injection
CVE-2025-59470CRITICAL10 fev 2026
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a mal
48RISCO
abrir
GitHub PoC1
CVE-2025-49132: Pterodactyl Panel UnauthN LFI to RCE (w/ pearcmd) in posix sh
CVE-2025-49132CRITICAL10 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC
faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability
CVE-2025-68645HIGHsob ataque10 fev 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir
GitHub PoC
bananoname/CVE-2024-6386-WPML-SSTI
CVE-2024-6386CRITICAL10 fev 2026
WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
53RISCO
abrir
anteriorpágina 71 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.