Critical Vulnerabilities with Public Exploits

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,417 CVEs tracked; 53,633 with exploits; 4,859 exploited in wild; 1,583 CISA KEV; 4,077 Nuclei templates; 52,306 vendors; 43,872 researchers
4,101 results
CVE-2017-11467 9.8 CRITICAL EXPLOITED 2 PoCs Analysis EPSS 0.76
OrientDB <2.2.22 - RCE
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
CWE-269 Jul 20, 2017
CVE-2017-9101 9.8 CRITICAL 4 PoCs Analysis EPSS 0.80
PlaySMS 1.4 - RCE
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CWE-434 May 21, 2017
CVE-2017-3248 9.8 CRITICAL 5 PoCs Analysis EPSS 0.91
Oracle WebLogic Server <12.2.1.1 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
Jan 27, 2017
CVE-2017-0372 9.8 CRITICAL 1 PoC Analysis EPSS 0.58
Mediawiki < 1.23.15 - Injection
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CWE-74 Apr 13, 2018
CVE-2017-5817 9.8 CRITICAL 3 PoCs Analysis EPSS 0.83
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CWE-20 Feb 15, 2018
CVE-2017-5816 9.8 CRITICAL 3 PoCs Analysis EPSS 0.90
HP Intelligent Management Center < 7.3 - Improper Input Validation
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CWE-20 Feb 15, 2018
CVE-2017-12557 9.8 CRITICAL 2 PoCs Analysis EPSS 0.86
HP Intelligent Management Center < 7.3 - Insecure Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
CWE-502 Feb 15, 2018
CVE-2017-13696 9.8 CRITICAL 7 PoCs Analysis EPSS 0.63
Flexense Dupscout - Memory Corruption
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability is due to improper handling and sanitization of the incoming request.
CWE-119 Jan 24, 2018
CVE-2017-18044 9.8 CRITICAL 2 PoCs Analysis EPSS 0.83
Commvault < 11.0 - OS Command Injection
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.
CWE-78 Jan 19, 2018
CVE-2017-17968 9.8 CRITICAL 2 PoCs Analysis EPSS 0.55
Xi-soft Nettransport Download Manager < 2.96l - Memory Corruption
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
CWE-119 Dec 29, 2017
CVE-2017-17932 9.8 CRITICAL 4 PoCs Analysis EPSS 0.77
Allmediaserver < 0.95 - Memory Corruption
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
CWE-119 Dec 28, 2017
CVE-2017-13708 9.8 CRITICAL 1 PoC Analysis EPSS 0.71
Vxsearch VX Search - Memory Corruption
Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.
CWE-119 Aug 31, 2017
CVE-2017-11394 9.8 CRITICAL 2 PoCs Analysis EPSS 0.81
Trendmicro Officescan - Improper Input Validation
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CWE-20 Aug 03, 2017
CVE-2017-11517 9.8 CRITICAL 2 PoCs Analysis EPSS 0.37
Geutebrueck Gcore <1.4.2.37 - Buffer Overflow
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
CWE-119 Jul 21, 2017
CVE-2017-9791 9.8 CRITICAL KEV 10 PoCs Analysis NUCLEI EPSS 0.94
Apache Struts 2.1.x-2.3.x - RCE
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CWE-20 Jul 10, 2017
CVE-2017-9544 9.8 CRITICAL 3 PoCs Analysis EPSS 0.80
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
CWE-787 Jun 12, 2017
CVE-2017-1092 9.8 CRITICAL 3 PoCs Analysis EPSS 0.78
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
May 22, 2017
CVE-2017-8895 9.8 CRITICAL 2 PoCs Analysis EPSS 0.67
Veritas Backup Exec <16 FP1 - Use After Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
CWE-416 May 10, 2017
CVE-2017-7230 9.8 CRITICAL 2 PoCs Analysis EPSS 0.66
Disk Sorter Enterprise <9.5.12 - RCE
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
CWE-119 Mar 22, 2017
CVE-2017-6187 9.8 CRITICAL 2 PoCs Analysis EPSS 0.69
Disksavvy Enterprise - Memory Corruption
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
CWE-119 Feb 22, 2017