Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.116 exploits
GitHub PoC
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback
60RISCO
abrir ↗GitHub PoC
Exploiting bluekeep (CVE-2019-0708)on windows 7 using metasploit (Educational lab)
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗GitHub PoC
Exploiting BlueKeep (CVE-2019-0708) on Windows 7 using Metasploit
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗GitHub PoC★ 13
Escalating privilege in the system from unsigned driver using throttlestop vulnerability
Code Execution / Escalation of Privileges in ThrottleStop
41RISCO
abrir ↗GitHub PoC
Published Details for this CVE
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to
33RISCO
abrir ↗GitHub PoC
yutasato88/CVE-2021-3560-PolkitPrivilegeEsclation
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privile
91RISCO
abrir ↗GitHub PoC
Escaner de identificacion de vulnerabilidades para CVE-2025-4322
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
68RISCO
abrir ↗GitHub PoC
coolkiee/CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗GitHub PoC★ 1
CVE-2021-25337
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted
63RISCO
abrir ↗GitHub PoC
CVE-2025-8110 Specifically for the Silentium box on HTB.
File overwrite in file update API in Gogs
100RISCO
abrir ↗GitHub PoC
Samba CVE-2007-2447 Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands
50RISCO
abrir ↗GitHub PoC
Exploiting bluekeep (CVE-2019-0708) on windows 7 using metasplotable
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir ↗GitHub PoC★ 2
Saku0512/CVE-2026-40176-poc
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISCO
abrir ↗GitHub PoC
CVE-2025-24893 – XWiki SSTI unauthenticated RCE exploit (HackTheBox CTF)
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir ↗GitHub PoC★ 1
Investigation of a PAN-OS CVE-2024-3400 command injection attempt, analyzing payload delivery, internal processing, and execution validation based on log evidence.
PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
100RISCO
abrir ↗GitHub PoC
CVE-2025-49113 – Roundcube ≤1.6.10 post-auth RCE via PHP object deserialization (HackTheBox CTF)
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir ↗GitHub PoC
A critical access control vulnerability in locally deployed Pro-Bit application in versions less than v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdi
41RISCO
abrir ↗GitHub PoC★ 1
ZaidArif47/CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir ↗GitHub PoC★ 1
CVE-2010-2075 exploit
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RISCO
abrir ↗GitHub PoC
A documented penetration testing lab built on Kali Linux and Metasploitable2, walking through a full attack chain from network traffic analysis and service enumeration through to exploiting the vsftpd 2.3.4 backdoor (CVE-2011-2523) and achieving root access. Includes blue team detection notes and MITRE ATT&CK mapping throughout.
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir ↗GitHub PoC
This repository contains alternative payload approaches for the InvokeAI RCE vulnerability (CVE-2024-12029) when SSH key injection fails. The payloads are designed to test if pickle deserialization is actually occurring and provide alternative access methods.
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RISCO
abrir ↗GitHub PoC★ 1
A simple python script to exploit CVE-2025-59528, this an Authenticated RCE vulnerability in Flowise application, a popular AI tool. That is also used in HTB seasonal challenge. The issue is present in version <= 3.0.5, for more details: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
Flowise has Remote Code Execution vulnerability
85RISCO
abrir ↗GitHub PoC★ 1
Authenticated Remote Code Execution (RCE) exploit for Flowise AI versions ≤ 3.0.4. Leverages a vulnerability in the /api/v1/node-load-method/customMCP endpoint to execute arbitrary system commands via Node.js child_process.execSync(). Includes full PoC script and remediation steps.
Flowise has Remote Code Execution vulnerability
85RISCO
abrir ↗GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly
28RISCO
abrir ↗GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root p
23RISCO
abrir ↗GitHub PoC
Repositorio para la práctica de DEV sobre la vulnerabilidad CVE-2021-4034. Realizada únicamente con fines académicos.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir ↗GitHub PoC★ 1
Unauthenticated password reset exploit for Flowise AI ≤ 3.0.5. Abuses the /api/v1/account/forgot-password endpoint to change any user's password without prior authentication. Includes a proof-of-concept script and mitigation guidelines.
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir ↗GitHub PoC
Fixed CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.