Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
13.140 exploits
GitHub PoC
Analysis and exploitation of a Next.js authorization bypass vulnerability (CVE-2025-29927)
CVE-2025-29927CRITICAL04 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
Pre-authentication LFI Lead to RCE
CVE-2026-39938CRITICAL04 abr 2026
Cacti: Unauthenticated RCE on Graph Image
48RISCO
abrir
GitHub PoC
vettrivel007/CVE-2024-49138
CVE-2024-49138HIGHsob ataque04 abr 2026
Windows Common Log File System Driver Elevation of Privilege Vulnerability
76RISCO
abrir
GitHub PoC
ElinaNotElina/cve-2024-3094-analysis
CVE-2024-3094CRITICAL04 abr 2026
Xz: malicious code in distributed source
70RISCO
abrir
GitHub PoC
tryj/CVE-2012-1823---PHP-CGI---RCE
CVE-2012-1823CRITICALsob ataque03 abr 2026
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
100RISCO
abrir
GitHub PoC1
TP-Link Router Authenticated RCE Exploit (CVE-2022-30075) Bu araç, TP-Link Archer AX50 ve bazı diğer TP-Link router modellerinde bulunan **CVE-2022-30075** güvenlik açığını kullanarak kimliği doğrulanmış uzaktan komut çalıştırma (Authenticated Remote Code Execution) işlemi gerçekleştirir.
CVE-2022-3007503 abr 2026
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote
35RISCO
abrir
GitHub PoC
CVE-2025-59059: Misattributed RCE in Apache Ranger Static Analysis Correction
CVE-2025-59059CRITICAL03 abr 2026
Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator
48RISCO
abrir
GitHub PoC1
Bash script to detect CVE-2025-55182 (React2Shell) and credential exposure in Next.js projects. Zero dependencies.
CVE-2025-55182CRITICALsob ataqueransomware03 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC2
Perforce security research and tools - CVE-2026-6043
CVE-2026-6043HIGH03 abr 2026
Insecure Default Configuration in P4 Server
41RISCO
abrir
GitHub PoC1
Exploit CVE-2022-46363
CVE-2022-46364CRITICAL03 abr 2026
Apache CXF SSRF Vulnerability
48RISCO
abrir
GitHub PoC
CVE-2025-55182
CVE-2025-55182CRITICALsob ataqueransomware02 abr 2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir
GitHub PoC
🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵
CVE-2018-15473MEDIUM02 abr 2026
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir
GitHub PoC
This repository contains a comprehensive security assessment of an enterprise LAN environment. The core focus of this project was the identification, exploitation, and remediation of the **Shellshock (CVE-2014-6271)** vulnerability within a Linux-based web server.
CVE-2014-6271CRITICALsob ataque02 abr 2026
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
100RISCO
abrir
GitHub PoC
Second CVE still Remote Code Execution
CVE-2026-35196HIGH02 abr 2026
Chamilo LMS has OS Command Injection via export_all_certificates action
41RISCO
abrir
GitHub PoC8
POC for CVE-2026-23416 (linux kernel 6.17 – linux kernel 7 rc5) - vulnerability discovered by Antonius
CVE-2026-2341602 abr 2026
mm/mseal: update VMA end correctly on merge
23RISCO
abrir
GitHub PoC
📂 Grafana LFI Exploit (CVE-2021-43798). Extracción automatizada de credenciales y configuración. 🕵️
CVE-2021-43798HIGHsob ataque02 abr 2026
Grafana path traversal
100RISCO
abrir
GitHub PoC
nicostan15/CVE-2022-46169
CVE-2022-46169CRITICALsob ataque02 abr 2026
Unauthenticated Command Injection
100RISCO
abrir
GitHub PoC
Full penetration test report against `IP` (Ubuntu VM). Attack chain: directory enumeration → backup file discovery → password cracking → CMS file upload → reverse shell → kernel privilege escalation (Dirty Pipe, CVE-2022-0847).
CVE-2022-0847HIGHsob ataque02 abr 2026
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in cop
100RISCO
abrir
GitHub PoC
CVE-2025-29927 - Next.js漏洞测试工具
CVE-2025-29927CRITICAL02 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
Deliberately vulnerable Next.js application demonstrating CVE-2025-29927 (middleware-based auth bypass) for learning and bug bounty practice.
CVE-2025-29927CRITICAL02 abr 2026
Authorization Bypass in Next.js Middleware
85RISCO
abrir
GitHub PoC
Módulo de Metasploit para explotar CVE-2025-24054 (ex 24071). Exploit de filtración NTLM integrado en Metasploit para vectores de ataque basados en bibliotecas de Windows.
CVE-2025-24054MEDIUMsob ataque01 abr 2026
NTLM Hash Disclosure Spoofing Vulnerability
75RISCO
abrir
GitHub PoC3
Detect, assess, and respond to supply chain attacks across npm/yarn and Python (pip/poetry/uv). Claude Code skill + standalone scripts. Built during axios RAT (2026-03-31) and Starlette BadHost CVE-2026-48710 (2026-05-22).
CVE-2026-48710MEDIUM01 abr 2026
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
48RISCO
abrir
GitHub PoC11
Full-chain exploit for CVE-2025-2783 (Ipcz Sandbox Escape & RCE).
CVE-2025-2783HIGHsob ataque01 abr 2026
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allow
71RISCO
abrir
GitHub PoC
Full penetration testing workflow: credential brute force, SSH access and privilege escalation (CVE-2021-4034)
CVE-2021-4034HIGHsob ataque01 abr 2026
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool
100RISCO
abrir
GitHub PoC
CVE-2021-21220 Exploitation infrastructure
CVE-2021-21220HIGHsob ataque01 abr 2026
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISCO
abrir
GitHub PoC
Analisis de CVE relacionada con stack overflow
CVE-2025-5548MEDIUM01 abr 2026
FreeFloat FTP Server NOOP Command buffer overflow
38RISCO
abrir
GitHub PoC1
Technical analysis of a SharePoint ToolShell (CVE-2025-53770) exploitation attempt involving RCE, webshell deployment, and MachineKey extraction.
CVE-2025-53770CRITICALsob ataqueransomware01 abr 2026
Microsoft SharePoint Server Remote Code Execution Vulnerability
100RISCO
abrir
GitHub PoC
TLevente20/HTTP-2-RapidReset-CVE-2023-44487-Testlab
CVE-2023-44487HIGHsob ataque01 abr 2026
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many
93RISCO
abrir
GitHub PoC
kavin71725/CVE-2025-12543-Fix-for-Wildfly
CVE-2025-12543CRITICAL01 abr 2026
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
48RISCO
abrir
GitHub PoC
FortiGate CVE-2022-40684 assessment tool for user enumeration, configuration dump, and lab testing.
CVE-2022-40684CRITICALsob ataqueransomware01 abr 2026
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 an
100RISCO
abrir
anteriorpágina 59 / 438próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.