Exploração pública
Catálogo de exploits
Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.
71.180exploits catalogados
31.691CVEs com exploração pública
0testados em laboratório
TodosExploit-DB 22.469Referência 19.841GitHub PoC 13.140VulnCheck XDB 8.078Nuclei 4.190Metasploit 3.462✓ só verificadosrecentespopularesrisco
13.140 exploits
GitHub PoC
kaleth4/CVE-2024-6387
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir ↗GitHub PoC
This repository contains a proof-of-concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and earlier versions. The exploit is aimed at incorrect authentication due to problems with incorrect privilege settings and command injection.
ProjectSend Unauthenticated Configuration Modification
100RISCO
abrir ↗GitHub PoC
wtbacon/cve-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticati
70RISCO
abrir ↗GitHub PoC★ 6
Chatwoot SQL injection in FilterService
Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values
41RISCO
abrir ↗GitHub PoC
Hoverfly CVE RCE
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir ↗GitHub PoC★ 1
CVE-2022-46364 Apache CXF XOP:Include SSRF / LFI
Apache CXF SSRF Vulnerability
48RISCO
abrir ↗GitHub PoC★ 3
Automating the exploitation of CVE-2026-7299 - Stored XSS via Database Table/Column Names in SQL Autocomplete within Appsmith =>1.99. Initial discovery 30/03/26
CVE-2026-7299
33RISCO
abrir ↗GitHub PoC
PoC CVE-2025-54123 - Hoverfly <= 1.11.3 - Authenticated Middleware Command Injection
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir ↗GitHub PoC
vettrivel007/CVE-2024-1086
Use-after-free in Linux kernel's netfilter: nf_tables component
76RISCO
abrir ↗GitHub PoC
amikanev/CVE-2025-55182-LAB
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 1
akelaqe/CVE-2024-27348-HugeGraph-RCE
Apache HugeGraph-Server: Command execution in gremlin
100RISCO
abrir ↗GitHub PoC
JacobTaylor3/CVE-2021-21220
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to po
100RISCO
abrir ↗GitHub PoC
Apache ActiveMQ (CVE-2023-46604) zafiyetinden LockBit ransomware aşamasına uzanan 419 saatlik sızma vakasının uçtan uca analizi, SIEM korelasyon kuralları ve IOC listesi.
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
100RISCO
abrir ↗GitHub PoC
CVE-2024-6387 OpenSSH 信号竞争漏洞(regreSSHion)分析报告及检测脚本
Openssh: regresshion - race condition in ssh allows rce/dos
63RISCO
abrir ↗GitHub PoC
Setup and exploit recreation for CVE-2022-42889 Text4Shell.
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
60RISCO
abrir ↗GitHub PoC
CVE-2022-22947 vulnerability task
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe
100RISCO
abrir ↗GitHub PoC
0x0asif/CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RISCO
abrir ↗GitHub PoC★ 2
This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.
Apache CXF SSRF Vulnerability
48RISCO
abrir ↗GitHub PoC
CVE-2025-54123 exploit and documentation
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir ↗GitHub PoC★ 1
Shashivanth009/CVE-2022-46364---Apache-CXF-XOP-Include-LFI-PoC
Apache CXF SSRF Vulnerability
48RISCO
abrir ↗GitHub PoC
A PoC demonstrating a RCE in Hoverfly (versions ≤ 1.11.3) by abusing the /api/v2/hoverfly/middleware endpoint and injecting a malicious middleware script
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir ↗GitHub PoC★ 7
CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include
Apache CXF SSRF Vulnerability
48RISCO
abrir ↗GitHub PoC★ 4
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can by
100RISCO
abrir ↗GitHub PoC
Explota vulnerabilidad
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that
100RISCO
abrir ↗GitHub PoC
BOLA/IDOR vulnerability in osTicket ajax.tickets.php | Responsible Disclosure
osTicket v1.18.3 - v1.17.7 - BOLA/IDOR in ticket field viewing allows cross-department data disclosure
38RISCO
abrir ↗GitHub PoC★ 7
CVE-2025-54123 Hoverfly Authenticated Middleware Command Injection RCE
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir ↗GitHub PoC
Static analysis of the DarkSword iOS WebKit exploit chain — delivery, staging, and CVE breakdown (CVE-2025-31277, CVE-2025-43529)
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, mac
71RISCO
abrir ↗GitHub PoC
Conducted a full SOC investigation into a Conti ransomware compromise of an Exchange server using Splunk 8.2.2. Analysed 28,145 events across Windows Security, Sysmon, and IIS log sources to reconstruct the complete attack chain. Identified three exploited CVEs (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379), located a trojanised cmd.exe
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 al
75RISCO
abrir ↗GitHub PoC
BastianXploited/CVE-2025-6440
WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
60RISCO
abrir ↗GitHub PoC
SentinelStream AI: A professional SIEM and SOAR platform featuring real-time threat correlation for CVE-2024-21410 and automated incident response logic.
Microsoft Exchange Server Elevation of Privilege Vulnerability
83RISCO
abrir ↗Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.