Vulnerabilities Exploited in the Wild with Public PoC

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,186 CVEs tracked 54,428 with exploits 5,027 exploited in wild 1,619 CISA KEV 4,187 Nuclei templates 55,153 vendors 47,496 researchers
2,511 results Clear all
CVE-2013-3881 EXPLOITED 2 PoCs Analysis EPSS 0.18
Windows 7 SP1 and Windows Server 2008 R2 SP1 - Local Privilege Escalation via Win32k NULL Page
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
CWE-399 Oct 09, 2013 STIX 2.1
CVE-2013-1300 EXPLOITED 3 PoCs Analysis EPSS 0.27
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
CWE-264 Jul 10, 2013 STIX 2.1
CVE-2013-2597 8.4 HIGH KEV SSVC ACTIVE 1 PoC Analysis EPSS 0.06
Linux kernel 2.6.x-3.x - Buffer Overflow
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
CWE-121 Aug 31, 2014 STIX 2.1
CVE-2013-6282 8.8 HIGH KEV SSVC ACTIVE 7 PoCs 1 Writeup Analysis EPSS 0.68
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
CWE-20 Nov 20, 2013 STIX 2.1
CVE-2013-2094 8.4 HIGH KEV SSVC ACTIVE 11 PoCs 1 Writeup Analysis EPSS 0.66
Linux Kernel < 3.0.75 - Local Privilege Escalation via perf_event_open System Call
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
CWE-189 May 14, 2013 STIX 2.1
CVE-2013-2596 7.8 HIGH KEV SSVC ACTIVE 1 PoC 2 Writeups Analysis EPSS 0.03
Linux kernel <3.8.9 - Privilege Escalation
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
CWE-190 Apr 13, 2013 STIX 2.1
CVE-2013-2618 EXPLOITED RANSOMWARE 1 PoC Analysis EPSS 0.09
Network Weathermap < 0.97b - Stored Cross-Site Scripting via Map Title Parameter
Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.
CWE-79 Jun 05, 2014 STIX 2.1
CVE-2013-7331 6.5 MEDIUM KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis EPSS 0.82
Internet Explorer - Information Disclosure via Microsoft.XMLDOM ActiveX Error Codes
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
CWE-209 Feb 26, 2014 STIX 2.1
CVE-2013-3896 5.5 MEDIUM KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis EPSS 0.85
Microsoft Silverlight <5.1.20913.0 - Info Disclosure
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Oct 09, 2013 STIX 2.1
CVE-2013-2423 3.7 LOW KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.93
Oracle JRE - Improper Access Control
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from the original researcher that this vulnerability allows remote attackers to bypass permission checks by the MethodHandles method and modify arbitrary public final fields using reflection and type confusion, as demonstrated using integer and double fields to disable the security manager.
CWE-284 Apr 17, 2013 STIX 2.1
CVE-2013-0074 7.8 HIGH KEV SSVC ACTIVE RANSOMWARE 3 PoCs Analysis EPSS 0.94
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
Mar 13, 2013 STIX 2.1
CVE-2013-0431 5.3 MEDIUM KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.92
Oracle JRE 7 through Update 11 and OpenJDK 7 - Security Sandbox Bypass via JMX
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
CWE-693 Jan 31, 2013 STIX 2.1
CVE-2013-0422 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.94
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
CWE-284 Jan 10, 2013 STIX 2.1
CVE-2013-1690 8.8 HIGH KEV SSVC ACTIVE 3 PoCs Analysis EPSS 0.47
Firefox < 22.0 and Thunderbird < 17.0.7 - Remote Code Execution via onreadystatechange Event Handling
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CWE-119 Jun 26, 2013 STIX 2.1
CVE-2013-2465 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.93
Java storeImageArray() Invalid Array Indexing Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
CWE-693 Jun 18, 2013 STIX 2.1
CVE-2013-3660 7.8 HIGH KEV SSVC ACTIVE RANSOMWARE 5 PoCs Analysis EPSS 0.71
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
CWE-119 May 24, 2013 STIX 2.1
CVE-2013-2729 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.90
Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - RCE
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.
CWE-190 May 16, 2013 STIX 2.1
CVE-2013-2551 8.8 HIGH KEV SSVC ACTIVE RANSOMWARE 2 PoCs Analysis EPSS 0.92
Microsoft Internet Explorer <10 - RCE
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
CWE-416 Mar 11, 2013 STIX 2.1
CVE-2013-5223 5.4 MEDIUM KEV SSVC ACTIVE 2 PoCs Analysis EPSS 0.30
D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
CWE-79 Nov 19, 2013 STIX 2.1
CVE-2013-4810 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis EPSS 0.90
HP ProCurve Manager and Application Lifecycle Management - Remote Code Execution via Marshalled Object
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
CWE-94 Sep 16, 2013 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content