Critical Vulnerabilities with Public Exploits

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,589 CVEs tracked 53,640 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,361 vendors 43,897 researchers
4,105 results Clear all
CVE-2022-26809 9.8 CRITICAL EXPLOITED RANSOMWARE 10 PoCs Analysis EPSS 0.93
Microsoft Windows RPC Runtime - Remote Code Execution
Remote Procedure Call Runtime Remote Code Execution Vulnerability
Apr 15, 2022
CVE-2022-45476 9.8 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.01
Prasathmani Tiny File Manager - Unrestricted File Upload
Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload.
CWE-434 Nov 25, 2022
CVE-2022-28368 9.8 CRITICAL 5 PoCs Analysis EPSS 0.70
Dompdf 1.2.1 - RCE
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
CWE-79 Apr 03, 2022
CVE-2022-0482 9.1 CRITICAL EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.91
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
CWE-359 Mar 09, 2022
CVE-2022-45477 9.8 CRITICAL 1 PoC Analysis EPSS 0.10
Telepad < 1.0.7 - Missing Authentication
Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-306 Dec 05, 2022
CVE-2022-4395 9.8 CRITICAL 2 PoCs Analysis EPSS 0.76
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
Jan 30, 2023
CVE-2022-39227 9.1 CRITICAL 2 PoCs Analysis EPSS 0.71
Python-jwt < 3.3.4 - Authentication Bypass by Spoofing
python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.
CWE-290 Sep 23, 2022
CVE-2022-20140 9.8 CRITICAL 1 PoC Analysis EPSS 0.04
Android -12, -12L - Privilege Escalation
In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-227618988
CWE-787 Jun 15, 2022
CVE-2022-4681 9.8 CRITICAL 1 PoC Analysis EPSS 0.07
Hide My WP <6.2.9 - SQL Injection
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Feb 06, 2023
CVE-2022-44151 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CWE-89 Nov 30, 2022
CVE-2022-1040 9.8 CRITICAL KEV RANSOMWARE 8 PoCs Analysis NUCLEI EPSS 0.94
Sophos Sfos < 18.5.3 - Authentication Bypass
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Mar 25, 2022
CVE-2022-37434 9.8 CRITICAL 3 PoCs Analysis EPSS 0.93
Zlib < 1.2.12 - Out-of-Bounds Write
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CWE-120 Aug 05, 2022
CVE-2022-36553 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.94
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CWE-77 Aug 29, 2022
CVE-2022-36267 9.8 CRITICAL EXPLOITED 2 PoCs Analysis EPSS 0.70
Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
Aug 08, 2022
CVE-2022-24442 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
JetBrains YouTrack <2021.4.40426 - SSRF
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CWE-94 Feb 25, 2022
CVE-2022-40032 9.8 CRITICAL 2 PoCs Analysis NUCLEI EPSS 0.68
Simple Task Managing System - SQL Injection
SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.
CWE-89 Feb 17, 2023
CVE-2022-40347 9.8 CRITICAL 2 PoCs Analysis EPSS 0.06
Intern Record System - SQL Injection
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.
CWE-89 Feb 17, 2023
CVE-2022-29063 9.8 CRITICAL 1 PoC Analysis EPSS 0.21
Apache OFBiz <18.12.06 - RCE
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
CWE-502 Sep 02, 2022
CVE-2022-4047 9.8 CRITICAL 2 PoCs Analysis EPSS 0.73
WooCommerce <4.0.9 - RCE
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and lead to RCE
Dec 26, 2022
CVE-2022-29361 9.8 CRITICAL 2 PoCs Analysis EPSS 0.31
Pallets Werkzeug <2.1.0 - SSRF
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
CWE-444 May 25, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation