Critical Vulnerabilities with Public Exploits

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,886 CVEs tracked 54,545 with exploits 5,038 exploited in wild 1,623 CISA KEV 4,199 Nuclei templates 55,408 vendors 47,654 researchers
4,344 results Clear all
CVE-2020-37066 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
GoldWave 5.70 - Stack-based Buffer Overflow via File Open URL Dialog
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened.
CWE-121 Feb 03, 2026 STIX 2.1
CVE-2020-37069 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
Konica Minolta FTP Utility 1.0 - Buffer Overflow
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.
CWE-120 Feb 03, 2026 STIX 2.1
CVE-2020-37068 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
Konica Minolta FTP Utility 1.0 - Buffer Overflow
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.
CWE-120 Feb 03, 2026 STIX 2.1
CVE-2020-37067 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
Filetto 1.0 - Denial of Service via Oversized FEAT Command
Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.
CWE-770 Feb 03, 2026 STIX 2.1
CVE-2020-37070 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
CloudMe 1.11.2 - Remote Code Execution via Crafted Network Packets
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running on port 8888, enabling remote code execution.
CWE-120 Feb 03, 2026 STIX 2.1
CVE-2020-37071 9.8 CRITICAL SSVC PoC 1 PoC 1 Writeup Analysis EPSS 0.01
CraftCMS 3 vCard Plugin 1.0.0 - Code Injection
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request.
CWE-502 Feb 03, 2026 STIX 2.1
CVE-2020-13118 9.8 CRITICAL 1 PoC Analysis EPSS 0.04
Mikrotik Router Monitoring System <2018-10-22 - SQL Injection
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
CWE-89 May 16, 2020 STIX 2.1
CVE-2020-37074 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
Remote Desktop Audit 2.3.0.157 - RCE
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.
CWE-120 Feb 03, 2026 STIX 2.1
CVE-2020-37075 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
LanSend 3.2 - Remote Code Execution via Add Computers Wizard File Import
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file.
CWE-120 Feb 03, 2026 STIX 2.1
CVE-2020-28140 9.8 CRITICAL 1 PoC Analysis EPSS 0.02
SourceCodester Online Clothing Store 1.0 - Arbitrary File Upload via Products.php Image Upload
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
CWE-434 Nov 17, 2020 STIX 2.1
CVE-2020-14972 9.8 CRITICAL 1 PoC Analysis EPSS 0.05
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
CWE-89 Jun 22, 2020 STIX 2.1
CVE-2020-37080 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
webTareas 2.0.p8 - Privilege Escalation
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.
CWE-73 Feb 03, 2026 STIX 2.1
CVE-2020-28138 9.8 CRITICAL 1 PoC Analysis EPSS 0.02
SourceCodester Online Clothing Store 1.0 - SQL Injection via txtUserName Parameter
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
CWE-89 Nov 17, 2020 STIX 2.1
CVE-2020-37082 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
webERP 4.15.1 - Unauthenticated Database Backup File Access
webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the companies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.
CWE-552 Feb 03, 2026 STIX 2.1
CVE-2020-37090 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
School ERP Pro 1.0 - Unauthenticated Remote Code Execution via Message Attachment Upload
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
CWE-434 Feb 03, 2026 STIX 2.1
CVE-2020-12429 9.8 CRITICAL 1 PoC Analysis EPSS 0.02
Online Course Registration 2.0 - SQL Injection
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.
CWE-89 Apr 28, 2020 STIX 2.1
CVE-2020-37094 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
EspoCRM 5.8.5 - Authentication Bypass via Authorization Header Manipulation
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
CWE-639 Feb 03, 2026 STIX 2.1
CVE-2020-37120 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.00
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
CWE-121 Feb 05, 2026 STIX 2.1
CVE-2020-37119 9.8 CRITICAL SSVC PoC 1 PoC Analysis EPSS 0.01
Nsasoft Nsauditor 3.0.28 and 3.2.1.0 - Stack-based Buffer Overflow via DNS Lookup Tool
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit.
CWE-121 Feb 05, 2026 STIX 2.1
CVE-2020-5260 9.3 CRITICAL 3 PoCs 1 Writeup Analysis EPSS 0.10
Git < 2.17.4, 2.18.0-2.18.3 - Credential Leak via Encoded Newline in URL
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.
CWE-20 Apr 14, 2020 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content