Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
CVE-2025-8088 is a critical path traversal vulnerability in WinRAR 7.12
CVE-2025-8088HIGHsob ataque07 abr 2026
Path traversal vulnerability in WinRAR
93RISCO
abrir
GitHub PoC1
Apache Tomcat(CVE-2020-1938)漏洞验证脚本
CVE-2020-1938CRITICALsob ataque07 abr 2026
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomc
100RISCO
abrir
GitHub PoC
Project: vsFTPd 2.3.4 backdoor exploitation (CVE-2011-2523) on Metasploitable 2.
CVE-2011-252307 abr 2026
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
60RISCO
abrir
GitHub PoC4
PoC for CVE-2026-13585
CVE-2026-13585HIGH07 abr 2026
Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in
41RISCO
abrir
GitHub PoC
CVE-2026-28766: Missing Authentication on User Account Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28766CRITICAL07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
48RISCO
abrir
GitHub PoC
Este script es para uso educativo y en entornos autorizados como HackTheBox. El uso contra sistemas sin permiso explícito es ilegal.
CVE-2025-9074CRITICAL07 abr 2026
Docker Desktop allows unauthenticated access to Docker Engine API from containers
48RISCO
abrir
GitHub PoC
thorat-shubham/JXL_Infotainment_CVE-2025-69515
CVE-2025-69515CRITICAL07 abr 2026
An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system int
48RISCO
abrir
GitHub PoC
CVE-2026-28767: Missing Authentication on Admin Notifications Endpoint — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-28767MEDIUM07 abr 2026
Gardyn Cloud API Missing Authentication for Critical Function
33RISCO
abrir
GitHub PoC
e1st/CVE-2025-56015
CVE-2025-56015HIGH07 abr 2026
In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.
41RISCO
abrir
GitHub PoC
sathish46-lab/CVE-2025-48384-submodule
CVE-2025-48384HIGHsob ataque07 abr 2026
Git allows arbitrary code execution through broken config quoting
71RISCO
abrir
GitHub PoC
Python Exploit for CVE: 2018-9276
CVE-2018-9276HIGHsob ataque07 abr 2026
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administra
100RISCO
abrir
GitHub PoC
CVE-2025-13315
CVE-2025-13315CRITICAL07 abr 2026
Unauthenticated log access in Twonky Server
75RISCO
abrir
GitHub PoC1
Ninja Forms File Uploads <= 3.3.26 - Unauthenticated Arbitrary File Upload to RCE (CVE-2026-0740)
CVE-2026-0740CRITICAL07 abr 2026
Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload
75RISCO
abrir
GitHub PoC
CVE-2025-10681: Hardcoded Azure Blob Storage Account Key — Gardyn Home Kit (ICSA-26-055-03)
CVE-2025-10681HIGH07 abr 2026
Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials
41RISCO
abrir
GitHub PoC
CVE-2026-25197: Authorization Bypass via IDOR — Gardyn Home Kit (ICSA-26-055-03)
CVE-2026-25197CRITICAL07 abr 2026
Gardyn Cloud API Authorization Bypass Through User-Controlled Key
48RISCO
abrir
GitHub PoC
zsxen/CVE-2025-1974
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RISCO
abrir
GitHub PoC
PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1
CVE-2025-30065CRITICAL06 abr 2026
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
60RISCO
abrir
GitHub PoC1
End-to-end vulnerability management lifecycle on Azure Windows Server 2025. Features OS patching and network-level compensating controls (NSG) to mitigate CVE-2025-14847.
CVE-2025-14847HIGHsob ataque06 abr 2026
Zlib compressed protocol header length confusion may allow memory read
100RISCO
abrir
GitHub PoC
amikanev/CVE-2025-23061-LAB
CVE-2025-23061CRITICAL06 abr 2026
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NO
63RISCO
abrir
GitHub PoC1
Exploit for CVE-2023-32749 affecting Pydio Cells 4.1.2 and earlier
CVE-2023-32749HIGH06 abr 2026
Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying t
46RISCO
abrir
GitHub PoC
zsxen/cve-2025-1974-lab
CVE-2025-1974CRITICAL06 abr 2026
ingress-nginx admission controller RCE escalation
85RISCO
abrir
GitHub PoC
open-flaw/CVE-2025-49844
CVE-2025-49844CRITICAL06 abr 2026
Redis Lua Use-After-Free may lead to remote code execution
85RISCO
abrir
GitHub PoC
avitoriagomes/CVE-2024-29988
CVE-2024-29988HIGHsob ataque06 abr 2026
SmartScreen Prompt Security Feature Bypass Vulnerability
83RISCO
abrir
GitHub PoC
rachidafaf/bola-CVE-2023-27524
CVE-2023-27524HIGHsob ataque05 abr 2026
Apache Superset: Session validation vulnerability when using provided default SECRET_KEY
100RISCO
abrir
GitHub PoC
Um estudo de caso do CVE-2024-21413. Usado como parâmetro a sala do TryHackMe Moniker Link (CVE-2024-21413). Feito edições com claude code no exploit.
CVE-2024-21413CRITICALsob ataque05 abr 2026
Microsoft Outlook Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability.
CVE-2017-5638CRITICALsob ataqueransomware05 abr 2026
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception ha
100RISCO
abrir
GitHub PoC1
A comprehensive collection of 12 containerized web exploitation challenges covering CVE-2023-25690, WebAuthn bypasses, HTTP/3 smuggling, and advanced XSS/RCE chains
CVE-2023-25690CRITICAL05 abr 2026
Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy
70RISCO
abrir
GitHub PoC
python code for CVE-2018-15473, using paramiko
CVE-2018-15473MEDIUM05 abr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir
GitHub PoC
Technical analysis of CVE-2025-55182 (React2Shell RCE vulnerability)
CVE-2025-55182CRITICALsob ataqueransomware04 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
anteriorpágina 58 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.