Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.622exploits catalogados
32.030CVEs com exploração pública
1.932testados em laboratório
13.187 exploits
GitHub PoC1
This script exploits Remote Code Execution vulnerability in Pterodactyl Panel < 1.11.11
CVE-2025-49132CRITICAL11 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC3
PoC exploit for CVE-2025-49132 (GHSA-24wv-6c99-f843) – Unauthenticated Remote Code Execution in Pterodactyl Panel ≤ 1.11.10
CVE-2025-49132CRITICAL11 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC4
This program Prompts you for the Local File Inclusion information and will automatically search the /etc/passwd and using the users names found will search for and download any SSH key or variation of keys to the local computer. This program also performs the CVE-2021-41773_ apache2.4.49 and 50 traversal path exploit. In addtion to other LFI Vuln
CVE-2021-41773HIGHsob ataqueransomware11 fev 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
ISabbiI/PoC-Apache-CVE-2021-41773-Infrastructure-LAB
CVE-2021-41773HIGHsob ataqueransomware11 fev 2026
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir
GitHub PoC
CVE-2025-62215 exploit development using Claude Code Agent Team
CVE-2025-62215HIGHsob ataque11 fev 2026
Windows Kernel Elevation of Privilege Vulnerability
71RISCO
abrir
GitHub PoC1
Ni8mare, n8n RCE
CVE-2026-21858CRITICAL11 fev 2026
n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling
85RISCO
abrir
GitHub PoC
Wise-Security/CVE-2025-69600
CVE-2025-69600HIGH11 fev 2026
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execut
41RISCO
abrir
GitHub PoC
This is a modified version of the time-based SQL injection exploit for CMS Made Simple <= 2.2.9. The exploit was originally created by Daniele Scanu and has been updated for better compatibility and modern Python practices.
CVE-2019-905311 fev 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC
A POC chain exploit using the recent Cisco SMP exploit (CVE-2017-6736) to chain into Spectre (CVE-2017-5753 and CVE-2017-5715)
CVE-2017-6736HIGHsob ataque11 fev 2026
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabiliti
93RISCO
abrir
GitHub PoC
IsmaelCosma/CVE-2025-8088
CVE-2025-8088HIGHsob ataque11 fev 2026
Path traversal vulnerability in WinRAR
93RISCO
abrir
GitHub PoC
openshift rce poc
CVE-2024-7387CRITICAL11 fev 2026
Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy
48RISCO
abrir
GitHub PoC
bananoname/CVE-2024-6386-WPML-SSTI
CVE-2024-6386CRITICAL10 fev 2026
WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection
53RISCO
abrir
GitHub PoC
faysalferdous/CVE-2025-68645-Exploiting-Zimbra-Webmail-LFI-Vulnerability
CVE-2025-68645HIGHsob ataque10 fev 2026
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir
GitHub PoC1
CVE-2025-49132: Pterodactyl Panel UnauthN LFI to RCE (w/ pearcmd) in posix sh
CVE-2025-49132CRITICAL10 fev 2026
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-8110-Gogs-Remote-Code-Execution
CVE-2025-8110HIGHsob ataque10 fev 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-61882-Oracle-BI-Publisher-RCE
CVE-2025-61882CRITICALsob ataqueransomware10 fev 2026
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integratio
100RISCO
abrir
GitHub PoC3
CVE-2025-54253 | CVE-2025-54254 | Adobe Experience Manager Forms XXE → RCE Framework
CVE-2025-54253CRITICALsob ataque10 fev 2026
Adobe Experience Manager | Incorrect Authorization (CWE-863)
100RISCO
abrir
GitHub PoC1
Enumeration tool for CVE-2024-45440
CVE-2024-45440MEDIUM10 fev 2026
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash
48RISCO
abrir
GitHub PoC
Laboratorio criado para PenTest da Vuln CVE 2024-214113(MONIKER LINK).
CVE-2024-21413CRITICALsob ataque10 fev 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-59470-PostgreSQL-Command-Injection
CVE-2025-59470CRITICAL10 fev 2026
This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a mal
48RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE
CVE-2025-15556HIGHsob ataque10 fev 2026
Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification
71RISCO
abrir
GitHub PoC3
George0Papasotiriou/CVE-2025-14174-Chrome-Zero-Day
CVE-2025-14174HIGHsob ataque10 fev 2026
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perfor
76RISCO
abrir
GitHub PoC
bixiPRO/Drupalgeddon2-CVE-2018-7600
CVE-2018-7600CRITICALsob ataqueransomware10 fev 2026
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir
GitHub PoC1
George0Papasotiriou/CVE-2025-55182-React2Shell-CVSS-10.0-
CVE-2025-55182CRITICALsob ataqueransomware10 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
RCE on Next 16.0.6
CVE-2025-55182CRITICALsob ataqueransomware10 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Proof-of-concept exploit for CVE-2017-12542, an authentication bypass vulnerability in HP iLO. Allows vulnerability detection and unauthorized account creation on affected systems
CVE-2017-1254209 fev 2026
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53
60RISCO
abrir
GitHub PoC1
An exploitation tool for the Next.js vulnerability CVE-2025-55182 that allows remote command execution through a poisoning prototype in React Server Components.
CVE-2025-55182CRITICALsob ataqueransomware09 fev 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
ISabbiI/PoC---CVE-2023-26482-RCE-LAB-Nextcloud
CVE-2023-26482CRITICAL09 fev 2026
Scope of workflow operations is not validated in nextcloud server
63RISCO
abrir
GitHub PoC
CVE-2025-9074: Docker Desktop LPE via Docker Engine API wo/ AuthN in posix sh
CVE-2025-9074CRITICAL09 fev 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC
HikVision Auth Bypass CVE, tool is able to extract credentials, and take snapshots based on magic cookie or supplied credentials.
CVE-2017-7921CRITICALsob ataque09 fev 2026
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
100RISCO
abrir
anteriorpágina 73 / 440próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.