Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.134 exploits
GitHub PoC
CVE-2025-49113 – Roundcube ≤1.6.10 post-auth RCE via PHP object deserialization (HackTheBox CTF)
CVE-2025-49113CRITICALsob ataque16 abr 2026
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the
100RISCO
abrir
GitHub PoC1
CVE-2010-2075 exploit
CVE-2010-207516 abr 2026
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally
60RISCO
abrir
GitHub PoC
CVE-2025-24893 – XWiki SSTI unauthenticated RCE exploit (HackTheBox CTF)
CVE-2025-24893CRITICALsob ataque16 abr 2026
Remote code execution as guest via SolrSearchMacros request in xwiki
100RISCO
abrir
GitHub PoC2
Saku0512/CVE-2026-40176-poc
CVE-2026-40176HIGH16 abr 2026
Composer is vulnerable to Command Injection via Malicious Perforce Repository
41RISCO
abrir
GitHub PoC
A critical access control vulnerability in locally deployed Pro-Bit application in versions less than v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories.
CVE-2025-69428HIGH16 abr 2026
An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdi
41RISCO
abrir
GitHub PoC1
ZaidArif47/CVE-2024-42009
CVE-2024-42009CRITICALsob ataque16 abr 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir
GitHub PoC
Fixed CVE-2019-9053
CVE-2019-905315 abr 2026
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve
35RISCO
abrir
GitHub PoC1
Unauthenticated password reset exploit for Flowise AI ≤ 3.0.5. Abuses the /api/v1/account/forgot-password endpoint to change any user's password without prior authentication. Includes a proof-of-concept script and mitigation guidelines.
CVE-2025-58434CRITICAL15 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
CVE-2003-012715 abr 2026
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root p
23RISCO
abrir
GitHub PoC
Writeup och POC för CVE-2008-2992
CVE-2008-2992HIGHsob ataqueransomware15 abr 2026
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary c
100RISCO
abrir
GitHub PoC
opsecramdan/react2shell-cve-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware15 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127),
CVE-2002-008215 abr 2026
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly
28RISCO
abrir
GitHub PoC
Gogs RCE PoC - CVE-2025-8110
CVE-2025-8110HIGHsob ataque15 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC1
A simple python script to exploit CVE-2025-59528, this an Authenticated RCE vulnerability in Flowise application, a popular AI tool. That is also used in HTB seasonal challenge. The issue is present in version <= 3.0.5, for more details: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3gcm-f6qx-ff7p
CVE-2025-59528CRITICAL15 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC1
Authenticated Remote Code Execution (RCE) exploit for Flowise AI versions ≤ 3.0.4. Leverages a vulnerability in the /api/v1/node-load-method/customMCP endpoint to execute arbitrary system commands via Node.js child_process.execSync(). Includes full PoC script and remediation steps.
CVE-2025-59528CRITICAL15 abr 2026
Flowise has Remote Code Execution vulnerability
85RISCO
abrir
GitHub PoC
Ava-Vispilio/CVE-2024-3094
CVE-2024-3094CRITICAL15 abr 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
A documented penetration testing lab built on Kali Linux and Metasploitable2, walking through a full attack chain from network traffic analysis and service enumeration through to exploiting the vsftpd 2.3.4 backdoor (CVE-2011-2523) and achieving root access. Includes blue team detection notes and MITRE ATT&CK mapping throughout.
CVE-2011-252315 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC
This repository contains alternative payload approaches for the InvokeAI RCE vulnerability (CVE-2024-12029) when SSH key injection fails. The payloads are designed to test if pickle deserialization is actually occurring and provide alternative access methods.
CVE-2024-12029CRITICAL15 abr 2026
Remote Code Execution via Model Deserialization in invoke-ai/invokeai
63RISCO
abrir
GitHub PoC
Repositorio para la práctica de DEV sobre la vulnerabilidad CVE-2021-4034. Realizada únicamente con fines académicos.
CVE-2021-4034HIGHsob ataque15 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
canpilayda/n8n-RCE-CVE-2025-68613
CVE-2025-68613CRITICALsob ataque14 abr 2026
n8n Vulnerable to Remote Code Execution via Expression Injection
100RISCO
abrir
GitHub PoC
FathanahHidayati/https-github.com-xaitax-CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
CVE-2024-21413CRITICALsob ataque14 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Saku0512/CVE-2026-35585-poc
CVE-2026-35585HIGH14 abr 2026
File Browser has a Command Injection via Hook Runner
41RISCO
abrir
GitHub PoC1
f8al/PoC-CVE-2020-9715
CVE-2020-9715HIGHsob ataque14 abr 2026
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.3
83RISCO
abrir
GitHub PoC
CVE-2025-58434 Flowise <= 3.0.5 and earlier allows account takeover via unauthenticated forgot-password token. CVE-2025-59528 lowiseAI Custom MCP Node Remote Code Execution.
CVE-2025-58434CRITICAL14 abr 2026
Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
75RISCO
abrir
GitHub PoC
PierfrancescoConti/leaflet-cve-2025-69993
CVE-2025-69993MEDIUM14 abr 2026
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This
33RISCO
abrir
GitHub PoC1
This repository contains a Proof of Concept (PoC) exploit for CVE-2023-6972.
CVE-2023-6972CRITICAL13 abr 2026
Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion
48RISCO
abrir
GitHub PoC
[First-Blood-XO] React Server Component endpoint vulnerable to CVE-2025-55182 (RCE) → enumerated SUID binaries → /usr/bin/perl had SUID set → used Perl's POSIX setuid(0) to escalate to root → read /root/flag.txt
CVE-2025-55182CRITICALsob ataqueransomware13 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Gogs Symlink Traversal → RCE
CVE-2025-8110HIGHsob ataque13 abr 2026
File overwrite in file update API in Gogs
100RISCO
abrir
GitHub PoC
This is a special panel that is used to send POC requests with the output of responses.
CVE-2025-55182CRITICALsob ataqueransomware13 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Fork of gogs/gogs for reachability benchmark testing (CVE-2024-45337)
CVE-2024-45337CRITICAL13 abr 2026
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
48RISCO
abrir
anteriorpágina 55 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.