Critical Vulnerabilities with Public Exploits
Updated 2h ago
Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei, with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
4,101 results
CVE-2018-5974
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
SimpleCalendar 3.1.9 - SQL Injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
CWE-89
Feb 17, 2018
CVE-2018-5971
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
MediaLibrary Free 4.0.12 - SQL Injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
CWE-89
Feb 17, 2018
CVE-2018-5970
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
JGive 2.0.9 - SQL Injection
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
CWE-89
Feb 17, 2018
CVE-2018-6928
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.00
News Website Script - SQL Injection
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
CWE-89
Feb 13, 2018
CVE-2018-6911
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.29
Advantech Webaccess - OS Command Injection
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
CWE-78
Feb 13, 2018
CVE-2018-6376
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.02
Joomla! < 3.8.4 - SQL Injection
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CWE-89
Jan 30, 2018
CVE-2018-6871
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.30
LibreOffice <5.4.5 & 6.x <6.0.1 - Info Disclosure
LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.
Feb 09, 2018
CVE-2018-3608
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.04
Trendmicro Antivirus + Security < 12.0.1191 - Code Injection
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
CWE-94
Jul 06, 2018
CVE-2018-25220
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.00
Bochs 2.6-5 Buffer Overflow Remote Code Execution
Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges.
CWE-787
Mar 28, 2026
CVE-2018-6180
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.15
Online Voting System 1.0 - Info Disclosure
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
CWE-287
Feb 08, 2018
CVE-2018-6609
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.03
Jsp Tickets - SQL Injection
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
CWE-89
Feb 05, 2018
CVE-2018-6605
9.8
CRITICAL
EXPLOITED
1 PoC
Analysis
NUCLEI
EPSS 0.91
ZH Baidumap - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
CWE-89
Feb 05, 2018
CVE-2018-6604
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
ZH Yandexmap - SQL Injection
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
CWE-89
Feb 05, 2018
CVE-2018-6582
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
ZH Googlemap - SQL Injection
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
CWE-89
Feb 05, 2018
CVE-2018-6317
9.1
CRITICAL
1 PoC
Analysis
EPSS 0.73
Claymore Dual Miner < 10.5 - Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
CWE-134
Feb 02, 2018
CVE-2018-6581
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Joommasters Jms Music - SQL Injection
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
CWE-89
Feb 02, 2018
CVE-2018-6580
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.24
Janguo Jimtawl - Unrestricted File Upload
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
CWE-434
Feb 02, 2018
CVE-2018-6579
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Jextn Reverse Auction - SQL Injection
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
CWE-89
Feb 02, 2018
CVE-2018-6578
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Jextn JE Paypervideo - SQL Injection
SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
CWE-89
Feb 02, 2018
CVE-2018-6577
9.8
CRITICAL
1 PoC
Analysis
EPSS 0.01
Jextn Membership - SQL Injection
SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request.
CWE-89
Feb 02, 2018