Critical Vulnerabilities with Public Exploits

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,842 CVEs tracked 54,542 with exploits 5,038 exploited in wild 1,623 CISA KEV 4,199 Nuclei templates 55,398 vendors 47,646 researchers
4,342 results Clear all
CVE-2021-46428 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Sourcecodester Simple Chatbot App <1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ( and previous versions via the bot_avatar parameter in SystemSettings.php.
CWE-434 Jan 27, 2022 STIX 2.1
CVE-2021-46427 9.8 CRITICAL 1 PoC Analysis EPSS 0.02
Sourcecodester Simple Chatbot App 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php.
CWE-89 Jan 27, 2022 STIX 2.1
CVE-2021-45835 9.8 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.03
Online Admission System 1.0 - Code Injection
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.
CWE-434 Mar 18, 2022 STIX 2.1
CVE-2021-45814 9.8 CRITICAL 1 PoC Analysis EPSS 0.06
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CWE-89 Dec 28, 2021 STIX 2.1
CVE-2021-40859 9.8 CRITICAL 3 PoCs Analysis NUCLEI EPSS 0.72
Auerswald COMpact 5500R <8.0B - RCE
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
Dec 07, 2021 STIX 2.1
CVE-2021-43821 9.9 CRITICAL 1 PoC 2 Writeups Analysis EPSS 0.02
Opencast <9.10-10.6 - Path Traversal
Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating.
CWE-552 Dec 14, 2021 STIX 2.1
CVE-2021-45468 9.8 CRITICAL 1 PoC Analysis EPSS 0.04
Imperva Web Application Firewall < 2021-12-23 - Unauthenticated HTTP Request Smuggling via Gzip Content-Encoding
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
CWE-444 Jan 14, 2022 STIX 2.1
CVE-2021-47753 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
phpKF CMS 3.00 Beta y6 - Unauthenticated Arbitrary File Upload via File Extension Bypass
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.
CWE-434 Jan 15, 2026 STIX 2.1
CVE-2021-3817 9.8 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.38
WBCE CMS < 1.5.2 - SQL Injection
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CWE-89 Dec 09, 2021 STIX 2.1
CVE-2021-45334 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
CWE-89 Jan 10, 2022 STIX 2.1
CVE-2021-41560 9.8 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.11
OpenCATS <= 0.9.6 - Remote Code Execution via Executable File Upload
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
CWE-434 Dec 15, 2021 STIX 2.1
CVE-2021-47936 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
CWE-306 May 10, 2026 STIX 2.1
CVE-2021-46013 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Sourcecodester Free school management software 1.0 - RCE
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
CWE-434 Jan 18, 2022 STIX 2.1
CVE-2021-38759 9.8 CRITICAL 1 PoC Analysis EPSS 0.16
Raspberry Pi OS <5.10 - Privilege Escalation
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, attackers can gain administrator privileges.
CWE-1188 Dec 07, 2021 STIX 2.1
CVE-2021-32724 9.9 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.02
check-spelling < 0.0.19 - Sensitive Information Exposure via GitHub Token Leak
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users may can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches or Set repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creator and it certainly won't be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version. Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml - you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target.
CWE-532 Sep 09, 2021 STIX 2.1
CVE-2021-27651 9.8 CRITICAL 3 PoCs Analysis NUCLEI EPSS 0.54
Pega Infinity 8.2.1-8.5.2 - Authentication Bypass via Password Reset
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
CWE-287 Apr 29, 2021 STIX 2.1
CVE-2021-41081 9.8 CRITICAL 1 PoC Analysis EPSS 0.69
Zoho ManageEngine Network Config Mgr <125465 - SQL Injection
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
CWE-89 Nov 11, 2021 STIX 2.1
CVE-2021-37832 9.8 CRITICAL 2 PoCs Analysis EPSS 0.04
HotelDruid 3.0.2 - SQL Injection via idappartamenti Parameter
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
CWE-89 Aug 03, 2021 STIX 2.1
CVE-2021-44655 9.8 CRITICAL 1 PoC Analysis EPSS 0.06
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.
CWE-89 Dec 15, 2021 STIX 2.1
CVE-2021-44653 9.8 CRITICAL 1 PoC Analysis EPSS 0.06
Online Magazine Management System 1.0 - SQL Injection Authentication Bypass via Login Form
Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.
CWE-89 Dec 15, 2021 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content