Critical Vulnerabilities with Public Exploits

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,378 CVEs tracked | 53,627 with exploits | 4,858 exploited in wild | 1,583 CISA KEV | 4,077 Nuclei templates | 52,288 vendors | 43,849 researchers

4,101 results
CVE-2015-9098 9.8 CRITICAL 1 PoC Analysis EPSS 0.40
Redgate SQL Monitor < 3.5 - SQL Injection
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
CWE-89 Jun 22, 2017
CVE-2015-6024 9.8 CRITICAL 1 PoC Analysis EPSS 0.49
NetCommWireless HSPA 3G10WVE - Command Injection
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
CWE-77 Feb 09, 2017
CVE-2015-8277 9.8 CRITICAL 1 PoC Analysis EPSS 0.80
Flexera FlexNet Publisher <11.13.1.2 - Buffer Overflow
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
CWE-119 Feb 24, 2016
CVE-2015-7564 9.8 CRITICAL 1 PoC Analysis EPSS 0.02
TeamPass <2.1.24 - SQL Injection
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CWE-89 Apr 12, 2017
CVE-2015-8299 9.8 CRITICAL 1 PoC Analysis EPSS 0.12
KNX ETS 4.1.5 - Build 3246 - RCE
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CWE-119 Aug 29, 2017
CVE-2015-7567 9.8 CRITICAL 1 PoC Analysis EPSS 0.15
Yeager CMS 1.2.1 - SQL Injection
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CWE-89 Feb 18, 2020
CVE-2015-7568 9.8 CRITICAL 1 PoC Analysis EPSS 0.06
Yeager CMS 1.2.1 - SQL Injection
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
CWE-89 Apr 24, 2017
CVE-2015-7247 9.8 CRITICAL 1 PoC Analysis EPSS 0.31
D-Link DVG-N5402SP Firmware - Information Disclosure
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
CWE-200 Apr 24, 2017
CVE-2015-7246 9.8 CRITICAL 1 PoC Analysis EPSS 0.33
D-Link DVG-N5402SP Firmware - Hard-coded Credentials
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CWE-798 Apr 24, 2017
CVE-2015-4594 9.8 CRITICAL 1 PoC Analysis EPSS 0.12
eClinicalWorks Population Health - Improper Access Control
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
CWE-284 Jan 10, 2017
CVE-2015-8282 9.8 CRITICAL 1 PoC Analysis EPSS 0.26
SeaWell Networks Spectrum SDC <2.05.00 - Info Disclosure
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
CWE-255 Apr 13, 2017
CVE-2015-8261 9.8 CRITICAL 1 PoC Analysis EPSS 0.04
Ipswitch WhatsUp Gold <16.4 - SQL Injection
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
CWE-89 Jan 08, 2016
CVE-2015-8396 10.0 CRITICAL 1 PoC Analysis EPSS 0.19
Grassroots DICOM <2.6.2 - RCE
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.
CWE-189 Jan 12, 2016
CVE-2015-7874 9.8 CRITICAL 1 PoC Analysis EPSS 0.23
KiTTY Portable <0.65.0.2p - RCE
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
CWE-120 Jan 15, 2020
CVE-2015-8617 9.8 CRITICAL 1 PoC Analysis EPSS 0.27
PHP <7.0.1 - RCE
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
CWE-134 Jan 19, 2016
CVE-2015-8352 9.8 CRITICAL 1 PoC Analysis EPSS 0.38
Zen Cart <1.5.4 - Path Traversal
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
CWE-22 Aug 24, 2017
CVE-2015-8556 10.0 CRITICAL 1 PoC Analysis EPSS 0.21
Gentoo QEMU <2.5.0-r1 - Privilege Escalation
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.
CWE-362 Mar 24, 2017
CVE-2015-7545 9.8 CRITICAL 1 PoC Analysis EPSS 0.35
Git <2.3.10-2.6.1 - RCE
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CWE-284 Apr 13, 2016
CVE-2015-7251 9.8 CRITICAL 1 PoC Analysis EPSS 0.39
ZTE ZXHN H108N R1A Firmware - Credentials Management
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CWE-255 Dec 30, 2015
CVE-2015-9316 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
Wpfastestcache WP Fastest Cache < 0.8.4.9 - SQL Injection
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
CWE-89 Aug 14, 2019