Critical Vulnerabilities with Public Exploits
Updated 4h ago
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,103 results
CVE-2018-20469
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.06
Sahipro Sahi Pro < 8.0.0 - SQL Injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
CWE-89
Jun 17, 2019
CVE-2018-19864
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.33
NUUO NVRmini2 - Buffer Overflow
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
CWE-119
Dec 05, 2018
CVE-2018-1000140
9.8
CRITICAL
2 PoCs
Analysis
EPSS 0.27
rsyslog librelp <1.2.14 - Buffer Overflow
rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
CWE-787
Mar 23, 2018
CVE-2018-7841
9.8
CRITICAL
KEV
1 PoC
Analysis
NUCLEI
EPSS 0.55
U.motion Builder <1.3.4 - SQL Injection
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
CWE-89
May 22, 2019
CVE-2018-17173
9.8
CRITICAL
EXPLOITED
2 PoCs
Analysis
NUCLEI
EPSS 0.78
LG SuperSign CMS - RCE
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CWE-94
Sep 21, 2018
CVE-2018-18500
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.28
Mozilla Firefox < 65.0 - Use After Free
A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65.
CWE-416
Feb 05, 2019
CVE-2018-1235
9.8
CRITICAL
2 PoCs
Analysis
EPSS 0.52
EMC Recoverpoint < 5.1.2 - OS Command Injection
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.
CWE-78
May 29, 2018
CVE-2018-4124
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.26
Apple Iphone OS < 11.2.6 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character.
CWE-119
Apr 03, 2018
CVE-2018-17057
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.52
TCPDF <6.2.22 - Deserialization
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CWE-502
Sep 14, 2018
CVE-2018-11686
9.8
CRITICAL
EXPLOITED
2 PoCs
Analysis
NUCLEI
EPSS 0.93
Flowpaper Flexpaper < 2.3.6 - Improper Input Validation
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.
CWE-20
Jul 03, 2019
CVE-2018-13410
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.08
Zip - Use After Free
Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.
CWE-416
Jul 06, 2018
CVE-2018-20162
9.9
CRITICAL
1 PoC
Analysis
EPSS 0.04
Digi TransPort LR54 <4.4.0.26 - Privilege Escalation
Digi TransPort LR54 4.4.0.26 and possibly earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root.
CWE-20
Mar 21, 2019
CVE-2018-19524
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.32
Shenzhen Skyworth DT741 - DoS/Remote Code Execution
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
CWE-20
Mar 21, 2019
CVE-2018-5782
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.32
Mitel Connect ONSITE <R1711-PREM - RCE
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
CWE-94
Mar 14, 2018
CVE-2018-17388
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Twilio WEB To Fax Machine System 1.0 - SQL Injection
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
CWE-89
Jun 19, 2019
CVE-2018-17393
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
HealthNode Hospital Management System 1.0 - SQL Injection
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
CWE-89
Jun 19, 2019
CVE-2018-20841
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
EPSS 0.35
Hootoo Tripmate Titan Ht-tm05 Firmware - OS Command Injection
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
CWE-78
Jun 11, 2019
CVE-2018-14485
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.43
BlogEngine.NET 3.3 - XML External Entity (XXE)
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
CWE-611
May 07, 2019
CVE-2018-20526
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.86
Roxyfileman Roxy Fileman - Unrestricted File Upload
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
CWE-434
Mar 21, 2019
CVE-2018-20525
9.1
CRITICAL
1 PoC
Analysis
EPSS 0.34
Roxyfileman Roxy Fileman - Path Traversal
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
CWE-22
Mar 21, 2019