Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.116 exploits
GitHub PoC
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
CVE-2025-6389CRITICAL18 abr 2026
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
60RISCO
abrir
GitHub PoC
Exploiting bluekeep (CVE-2019-0708)on windows 7 using metasploit (Educational lab)
CVE-2019-0708CRITICALsob ataqueransomware17 abr 2026
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir
GitHub PoC
Exploiting BlueKeep (CVE-2019-0708) on Windows 7 using Metasploit
CVE-2019-0708CRITICALsob ataqueransomware17 abr 2026
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir
GitHub PoC13
Escalating privilege in the system from unsigned driver using throttlestop vulnerability
CVE-2025-7771HIGH17 abr 2026
Code Execution / Escalation of Privileges in ThrottleStop
41RISCO
abrir
GitHub PoC
Published Details for this CVE
CVE-2025-66954MEDIUM17 abr 2026
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to
33RISCO
abrir
GitHub PoC
yutasato88/CVE-2021-3560-PolkitPrivilegeEsclation
CVE-2021-3560HIGHsob ataque17 abr 2026
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir
GitHub PoC
Escaner de identificacion de vulnerabilidades para CVE-2025-4322
CVE-2025-4322CRITICAL17 abr 2026
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
68RISCO
abrir
GitHub PoC
coolkiee/CVE-2019-9053
CVE-2019-905317 abr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC1
CVE-2021-25337
CVE-2021-25337MEDIUMsob ataque17 abr 2026
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted
63RISCO
abrir
GitHub PoC
CVE-2025-8110 Specifically for the Silentium box on HTB.
CVE-2025-8110HIGHsob ataque17 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
Samba CVE-2007-2447 Exploit
CVE-2007-244717 abr 2026
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir
GitHub PoC
Exploiting bluekeep (CVE-2019-0708) on windows 7 using metasplotable
CVE-2019-0708CRITICALsob ataqueransomware17 abr 2026
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir
GitHub PoC2
Saku0512/CVE-2026-40176-poc
CVE-2026-40176HIGH16 abr 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISCO
abrir
GitHub PoC
CVE-2025-24893 – XWiki SSTI unauthenticated RCE exploit (HackTheBox CTF)
CVE-2025-24893CRITICALsob ataque16 abr 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC1
Investigation of a PAN-OS CVE-2024-3400 command injection attempt, analyzing payload delivery, internal processing, and execution validation based on log evidence.
CVE-2024-3400CRITICALsob ataqueransomware16 abr 2026
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir
GitHub PoC
CVE-2025-49113 – Roundcube ≤1.6.10 post-auth RCE via PHP object deserialization (HackTheBox CTF)
CVE-2025-49113CRITICALsob ataque16 abr 2026
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
GitHub PoC
A critical access control vulnerability in locally deployed Pro-Bit application in versions less than v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
CVE-2025-69428HIGH16 abr 2026
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdi
41RISCO
abrir
GitHub PoC1
ZaidArif47/CVE-2024-42009
CVE-2024-42009CRITICALsob ataque16 abr 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir
GitHub PoC1
CVE-2010-2075 exploit
CVE-2010-207516 abr 2026
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RISCO
abrir
GitHub PoC
Gogs RCE PoC - CVE-2025-8110
CVE-2025-8110HIGHsob ataque15 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
A documented penetration testing lab built on Kali Linux and Metasploitable2, walking through a full attack chain from network traffic analysis and service enumeration through to exploiting the vsftpd 2.3.4 backdoor (CVE-2011-2523) and achieving root access. Includes blue team detection notes and MITRE ATT&CK mapping throughout.
CVE-2011-252315 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
Ava-Vispilio/CVE-2024-3094
CVE-2024-3094CRITICAL15 abr 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
This repository contains alternative payload approaches for the InvokeAI RCE vulnerability (CVE-2024-12029) when SSH key injection fails. The payloads are designed to test if pickle deserialization is actually occurring and provide alternative access methods.
CVE-2024-12029CRITICAL15 abr 2026
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RISCO
abrir
GitHub PoC1
A simple python script to exploit CVE-2025-59528, this an Authenticated RCE vulnerability in Flowise application, a popular AI tool. That is also used in HTB seasonal challenge. The issue is present in version <= 3.0.5, for more details: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
CVE-2025-59528CRITICAL15 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC1
Authenticated Remote Code Execution (RCE) exploit for Flowise AI versions ≤ 3.0.4. Leverages a vulnerability in the /api/v1/node-load-method/customMCP endpoint to execute arbitrary system commands via Node.js child_process.execSync(). Includes full PoC script and remediation steps.
CVE-2025-59528CRITICAL15 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
CVE-2002-008215 abr 2026
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly
28RISCO
abrir
GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
CVE-2003-012715 abr 2026
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root p
23RISCO
abrir
GitHub PoC
Repositorio para la práctica de DEV sobre la vulnerabilidad CVE-2021-4034. Realizada únicamente con fines académicos.
CVE-2021-4034HIGHsob ataque15 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC1
Unauthenticated password reset exploit for Flowise AI ≤ 3.0.5. Abuses the /api/v1/account/forgot-password endpoint to change any user's password without prior authentication. Includes a proof-of-concept script and mitigation guidelines.
CVE-2025-58434CRITICAL15 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
Fixed CVE-2019-9053
CVE-2019-905315 abr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
anteriorpágina 54 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.