Critical Vulnerabilities with Public Exploits

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,468 CVEs tracked | 53,663 with exploits | 4,859 exploited in wild | 1,583 CISA KEV | 4,077 Nuclei templates | 52,324 vendors | 43,878 researchers
4,103 results
CVE-2018-1000134 9.8 CRITICAL 1 PoC EPSS 0.02
UnboundID LDAP SDK - Incorrect Access Control
UnboundID LDAP SDK, from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6 (where the issue was reported and fixed), contains an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn't check for an empty password when running in synchronous mode, which can result in the ability to impersonate any valid user. The commit with the applied fix is https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd. This attack appears to be exploitable by providing a valid username and an empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed after commit 8471904a02438c03965d21367890276bc25fa5a6.
CWE-521 Mar 16, 2018
CVE-2018-4367 9.8 CRITICAL 1 PoC Analysis EPSS 0.08
Apple Iphone OS < 12.1 - Memory Corruption
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.
CWE-119 Apr 03, 2019
CVE-2018-18957 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Mz-automation Libiec61850 - Out-of-Bounds Write
An issue has been found in libIEC61850 v1.3. It is a stack-based buffer overflow in prepareGooseBuffer in goose/goose_publisher.c.
CWE-787 Nov 05, 2018
CVE-2018-25135 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CWE-149 Dec 24, 2025
CVE-2018-18758 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
Open Faculty Evaluation System - SQL Injection
Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18757.
CWE-89 Jun 19, 2019
CVE-2018-18757 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
Open Faculty Evaluation System - SQL Injection
Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758.
CWE-89 Jun 19, 2019
CVE-2018-18800 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Tubigan Welcome TO Our Resort - SQL Injection
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.
CWE-89 May 14, 2019
CVE-2018-18798 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
School Attendance Monitoring System - SQL Injection
Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.
CWE-89 Mar 21, 2019
CVE-2018-18805 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Pointofsales - SQL Injection
Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.
CWE-89 Nov 16, 2018
CVE-2018-18804 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Bakeshop Inventory System - SQL Injection
Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.
CWE-89 Nov 16, 2018
CVE-2018-18803 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Curriculum Evaluation System - SQL Injection
Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.
CWE-89 Nov 16, 2018
CVE-2018-18801 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Bsen Ordering Software - SQL Injection
The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].
CWE-89 Nov 16, 2018
CVE-2018-18795 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
School Event Management System - SQL Injection
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.
CWE-89 Nov 16, 2018
CVE-2018-18793 9.8 CRITICAL 1 PoC Analysis EPSS 0.19
School Event Management System - Unrestricted File Upload
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
CWE-434 Nov 16, 2018
CVE-2018-18763 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
Saltos - SQL Injection
SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.
CWE-89 Nov 16, 2018
CVE-2018-18761 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
Saltos - SQL Injection
SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.
CWE-89 Nov 16, 2018
CVE-2018-18755 9.8 CRITICAL 1 PoC Analysis EPSS 0.03
K-iwi - SQL Injection
K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.
CWE-89 Nov 16, 2018
CVE-2018-18822 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Grapixel New Media - SQL Injection
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CWE-89 Oct 30, 2018
CVE-2018-18704 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Phptpoint Pharmacy Management System - SQL Injection
PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter.
CWE-89 Oct 29, 2018
CVE-2018-18527 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Owndms Ownticket - SQL Injection
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
CWE-89 Oct 19, 2018