Critical Vulnerabilities with Public Exploits

Updated 16m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,842 CVEs tracked 54,542 with exploits 5,038 exploited in wild 1,623 CISA KEV 4,199 Nuclei templates 55,398 vendors 47,646 researchers
4,342 results Clear all
CVE-2021-41653 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.77
TP-Link TL-WR840N EU v5 Firmware <= TL-WR840N(EU)_V5_171211 - Remote Code Execution via PING IP Address Input
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CWE-94 Nov 13, 2021 STIX 2.1
CVE-2021-43140 9.8 CRITICAL 2 PoCs Analysis EPSS 0.05
Simple Subscription Website 1.0 - SQL Injection via Login
SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login.
CWE-89 Nov 03, 2021 STIX 2.1
CVE-2021-43267 9.8 CRITICAL 3 PoCs 1 Writeup Analysis EPSS 0.58
Linux Kernel < 5.14.16 - Remote Denial of Service via TIPC MSG_CRYPTO Size Validation
An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
CWE-1284 Nov 02, 2021 STIX 2.1
CVE-2021-20028 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 1 PoC EPSS 0.30
SonicWall SRA and SMA Firmware 8.x-9.0.0.9-26sv - SQL Injection
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CWE-89 Aug 04, 2021 STIX 2.1
CVE-2021-1965 9.8 CRITICAL 2 PoCs Analysis EPSS 0.03
Qualcomm Firmware - Buffer Overflow via MBSSID Scan IE Parse
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE-120 Jul 13, 2021 STIX 2.1
CVE-2021-28476 9.9 CRITICAL 7 PoCs Analysis EPSS 0.39
Windows Hyper-V - Remote Code Execution
Windows Hyper-V Remote Code Execution Vulnerability
May 11, 2021 STIX 2.1
CVE-2021-30128 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.81
Apache OFBiz <17.12.07 - Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
CWE-502 Apr 27, 2021 STIX 2.1
CVE-2021-29200 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.55
Apache OFBiz < 17.12.07 - Unauthenticated Remote Code Execution via Unsafe Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
CWE-502 Apr 27, 2021 STIX 2.1
CVE-2021-22893 10.0 CRITICAL KEV SSVC ACTIVE RANSOMWARE 12 PoCs Analysis EPSS 0.47
Pulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CWE-287 Apr 23, 2021 STIX 2.1
CVE-2021-25281 9.8 CRITICAL EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.73
SaltStack Salt < 3002.5 - Unauthenticated Remote Command Execution via wheel_async Client
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
CWE-287 Feb 27, 2021 STIX 2.1
CVE-2021-36393 9.8 CRITICAL 2 PoCs Analysis EPSS 0.52
Moodle <3.9.8 and 3.11.0-beta-3.11.1 - SQL Injection
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CWE-89 Mar 06, 2023 STIX 2.1
CVE-2021-44521 9.1 CRITICAL 3 PoCs Analysis NUCLEI EPSS 0.55
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.
CWE-732 Feb 11, 2022 STIX 2.1
CVE-2021-35587 9.8 CRITICAL KEV SSVC ACTIVE 3 PoCs Analysis NUCLEI EPSS 0.96
Oracle Fusion Middleware - OpenSSO Agent - Unauthenticated RCE
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CWE-306 Jan 19, 2022 STIX 2.1
CVE-2021-43297 9.8 CRITICAL 2 PoCs Analysis EPSS 0.15
Apache Dubbo <2.6.12, <2.7.15, <3.0 - Code Injection
A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use Hessian2 as the default serialization/deserialization protocol, during Hessian catch unexpected exceptions, Hessian will log out some imformation for users, which may cause remote command execution. This issue affects Apache Dubbo Apache Dubbo 2.6.x versions prior to 2.6.12; Apache Dubbo 2.7.x versions prior to 2.7.15; Apache Dubbo 3.0.x versions prior to 3.0.5.
CWE-502 Jan 10, 2022 STIX 2.1
CVE-2021-42392 9.8 CRITICAL 2 PoCs Analysis EPSS 0.63
H2 < 2.0.204 - Insecure Deserialization
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Jan 10, 2022 STIX 2.1
CVE-2021-43857 9.8 CRITICAL 6 PoCs 1 Writeup Analysis EPSS 0.56
Gerapy < 0.9.8 - Remote Code Execution
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
CWE-78 Dec 27, 2021 STIX 2.1
CVE-2021-42670 9.8 CRITICAL 2 PoCs Analysis EPSS 0.08
Engineers Online Portal - SQL Injection via Announcements Student ID Parameter
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
CWE-89 Nov 05, 2021 STIX 2.1
CVE-2021-42669 9.8 CRITICAL 2 PoCs Analysis EPSS 0.23
Engineers Online Portal - Unrestricted File Upload via Teacher Avatar Change
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
CWE-434 Nov 05, 2021 STIX 2.1
CVE-2021-42668 9.8 CRITICAL 2 PoCs Analysis EPSS 0.05
Engineers Online Portal - SQL Injection via id Parameter in my_classmates.php
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
CWE-89 Nov 05, 2021 STIX 2.1
CVE-2021-42667 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.16
Sourcecodester Online Event Booking and Reservation System - SQL Injection in Event Management Views
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
CWE-89 Nov 05, 2021 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content