Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
71.180 exploits
GitHub PoC
b1nhack/CVE-2024-1086
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir ↗GitHub PoC
CVE-2026-8836 — lwIP SNMPv3 stack-based buffer overflow PoC (CVSS 9.8)
lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
48RISCO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-6553 and was built upon the original exploit by Chocapik, it was added that a direct reverse shell can be obtained.
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗GitHub PoC
Jeanback1/CVE-2019-0211-exploit
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2014-3120
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISCO
abrir ↗GitHub PoC
CVE-2024-38475 exploitation & scanning tool with Mullvad VPN rotation
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISCO
abrir ↗VulnCheck XDB
initial-access
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗VulnCheck XDB
initial-access
Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
85RISCO
abrir ↗VulnCheck XDB
local
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privilege
83RISCO
abrir ↗VulnCheck XDB
initial-access
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execut
100RISCO
abrir ↗VulnCheck XDB
info-leak
Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
100RISCO
abrir ↗GitHub PoC
CVE-2026-23744 — Proof of concept exploit for an unauthenticated Remote Code Execution vulnerability in MCPJam Inspector <= 1.4.2.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC
Remote Code Execution in MCPJam 1.4.2 and older.
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC★ 1
Interactive Ruby shell for authorized CVE-2025-55182 (react2shell) testing
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
Jeanback1/CVE-2019-9053-exploit
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC★ 2
CVE-2026-23744 RCE + Privilege Escalation
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC★ 1
SrGinebras/CVE-2026-23744-RCE-for-MCPjam-inspector-v1.4.2
REC in MCPJam inspector due to HTTP Endpoint exposes
75RISCO
abrir ↗GitHub PoC
Dungsocool/CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbi
100RISCO
abrir ↗GitHub PoC
This exploit is based on CVE-2023-27350 and was built upon the original exploit by horizon3ai and the Metasploit module.
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
100RISCO
abrir ↗GitHub PoC
jomjosh17/Log4Shell-CVE-2021-44228-
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.