Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
CMS Simple CVE Recode Script Python 3
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC
Cybersecurity-Enthusiasts-CE/CVE-2025-55182-Researching-process
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC
LoGGGG2402/CVE-2025-27407
Remote code execution when loading a crafted GraphQL schema
48RISCO
abrir ↗GitHub PoC
bhatbhupendra/Moniker-Link--CVE-2024-21413-
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir ↗GitHub PoC★ 1
im2sinister/CVE-2021-41773
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC
DONKEY0xSHOT/CVE-2017-11882-Blocker
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Mi
100RISCO
abrir ↗GitHub PoC
Some Proof-of-Concept (POCs) for CVE-2025-29927, CVE-2026-27978, and CVE-2026-29057 in Next.js.
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗GitHub PoC
patch-manager
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and se
35RISCO
abrir ↗GitHub PoC
Web application penetration testing project targeting a WordPress environment. Includes exploitation of CVE-2019-9978, reverse shell execution, post-exploitation steps, and full pentesting report.
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_optio
100RISCO
abrir ↗GitHub PoC
CVE-2024-3273 — Authorized Penetration Test Report D-Link DNS-320L NAS | Client: Otonata
D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-55177 + CVE-2025-43300: reverse-engineering the WhatsApp-ImageIO zero-click iOS chain, with interactive labs.
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Bu
63RISCO
abrir ↗GitHub PoC
AbokorMAHAMMADMOUSSE/CVE-2025-25279-Mattermost-Path-Traversal
Arbitrary file read in Mattermost Boards via import & export board archive
53RISCO
abrir ↗GitHub PoC
Runtime patches for algertc/alpr-dashboard: async logger fix and CVE-2025-29927 nginx mitigation
Authorization Bypass in Next.js Middleware
85RISCO
abrir ↗GitHub PoC★ 1
its simple Shellshock exploit
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC
End-to-end SOC investigation: CVE-2011-2523 kill chain, multi-source log correlation, incident report — MITRE ATT&CK T1190
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
HTB Season 10 - Pterodactyl machine writeup. Medium Linux box covering CVE-2025-49132 (Pterodactyl Panel RCE) and CVE-2025-6018/6019 (udisks2 privilege escalation).
Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
68RISCO
abrir ↗GitHub PoC
End-to-end cybersecurity project demonstrating detection and mitigation of CVE-2024-38063 using IDS, host-based monitoring, and virtual lab attack simulation.
Windows TCP/IP Remote Code Execution Vulnerability
70RISCO
abrir ↗GitHub PoC
Unauthenticated_RCE.CVE-2025-47812
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection o
100RISCO
abrir ↗GitHub PoC
Poc for React2Shell CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 2
CVE-2025-68645
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1
98RISCO
abrir ↗GitHub PoC
POC exploit for CVE-2026-25895 FUXA Unauthenticated Path Traversal -> Arbitrary File Write -> RCE
FUXA Unauthenticated Remote Code Execution via Arbitrary File Write in Upload API
48RISCO
abrir ↗GitHub PoC
Bug Bounty: CVE-2023-50839 IDOR identified in a third-party support component via 'gau' and 'Nuclei'. Despite perimeter redirects, the outdated software remained exposed. Confirmed through manual header analysis. Severity: 5.3 (Medium). Focused on Defense in Depth failures and PII protection. Status: Reported on Intigriti.
WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection
63RISCO
abrir ↗GitHub PoC
Cybersecurity lab demonstrating exploitation of CVE-2017-0144 (EternalBlue) using Metasploit against a vulnerable Windows 7 VM, achieving SYSTEM-level access via Meterpreter. Includes full attack chain, post exploitation, and mitigation via MS17-010 patching, tested in an isolated ethical lab environment.
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows
100RISCO
abrir ↗GitHub PoC★ 1
Recreation and analysis of a curious logic error in Apache 2.4.49 that escalated to remote code execution
Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
100RISCO
abrir ↗GitHub PoC
HackTheBox TwoMillion machine writeup — API abuse, command injection & CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities wa
86RISCO
abrir ↗GitHub PoC
Find jenkins environment and checks for CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an
100RISCO
abrir ↗GitHub PoC
Sanitized advisory for CVE-2025-51846 affecting CryptPad WebSocket handling.
CryptPad unbounded WebSocket frame flood
41RISCO
abrir ↗GitHub PoC
End-to-end simulation of detecting a root-less Android Drop Device (Casper) using Wazuh SIEM to capture Layer 7 attacks like Shellshock (CVE-2014-6271).
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir ↗GitHub PoC
Security toolkit for CVE-2025-55182 (React2Shell) — scan, detect, correlate, and test React Server Components RCE vulnerability
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.