Vulnerabilities Exploited in the Wild with Public PoC

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,116 CVEs tracked 54,450 with exploits 5,036 exploited in wild 1,622 CISA KEV 4,194 Nuclei templates 55,255 vendors 47,556 researchers
2,519 results Clear all
CVE-2020-15505 9.8 CRITICAL KEV SSVC ACTIVE 2 PoCs Analysis NUCLEI EPSS 1.00
MobileIron MDM Hessian-Based Java Deserialization RCE
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
CWE-706 Jul 07, 2020 STIX 2.1
CVE-2020-5902 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 65 PoCs Analysis NUCLEI EPSS 1.00
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CWE-22 Jul 01, 2020 STIX 2.1
CVE-2020-1054 7.8 HIGH KEV SSVC ACTIVE 7 PoCs Analysis EPSS 0.53
Windows - Local Privilege Escalation via Win32k Driver Memory Handling
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143.
CWE-787 May 21, 2020 STIX 2.1
CVE-2020-4428 9.1 CRITICAL KEV SSVC ACTIVE 1 PoC Analysis EPSS 0.62
IBM Data Risk Manager 2.0.1-2.0.4 - Authenticated OS Command Injection
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
CWE-78 May 07, 2020 STIX 2.1
CVE-2020-4427 9.8 CRITICAL KEV SSVC ACTIVE 2 PoCs Analysis NUCLEI EPSS 0.70
IBM Data Risk Manager 2.0.1-2.0.6 - Authentication Bypass via SAML Misconfiguration
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
CWE-287 May 07, 2020 STIX 2.1
CVE-2020-11652 6.5 MEDIUM KEV SSVC ACTIVE 10 PoCs Analysis EPSS 0.86
SaltStack Salt < 2019.2.4 - Authenticated Path Traversal via ClearFuncs Methods
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CWE-22 Apr 30, 2020 STIX 2.1
CVE-2020-11651 9.8 CRITICAL KEV SSVC ACTIVE 17 PoCs Analysis EPSS 0.96
SaltStack Salt <2019.2.4,3000.2 - RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Apr 30, 2020 STIX 2.1
CVE-2020-3161 9.8 CRITICAL KEV SSVC ACTIVE 2 PoCs Analysis EPSS 0.84
Cisco IP Phone Multiple Models Firmware - Unauthenticated RCE or DoS via HTTP
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
CWE-20 Apr 15, 2020 STIX 2.1
CVE-2020-1020 8.8 HIGH KEV SSVC ACTIVE 4 PoCs Analysis EPSS 0.65
Microsoft Windows - Remote Code Execution via Adobe Type Manager Library Font Parsing
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
CWE-787 Apr 15, 2020 STIX 2.1
CVE-2020-11738 7.5 HIGH KEV SSVC ACTIVE 3 PoCs Analysis NUCLEI EPSS 0.98
Duplicator < 1.3.28 and < 3.8.7.1 - Directory Traversal via File Parameter
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
CWE-22 Apr 13, 2020 STIX 2.1
CVE-2020-3952 9.8 CRITICAL KEV SSVC ACTIVE 8 PoCs Analysis NUCLEI EPSS 0.90
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CWE-306 Apr 10, 2020 STIX 2.1
CVE-2020-5735 8.8 HIGH KEV SSVC ACTIVE 1 PoC Analysis EPSS 0.36
Amcrest Cameras and NVR - Authenticated Stack-based Buffer Overflow via Port 37777
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
CWE-121 Apr 08, 2020 STIX 2.1
CVE-2020-10199 8.8 HIGH KEV SSVC ACTIVE 10 PoCs Analysis NUCLEI EPSS 0.99
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CWE-917 Apr 01, 2020 STIX 2.1
CVE-2020-7961 9.8 CRITICAL KEV SSVC ACTIVE 16 PoCs Analysis NUCLEI EPSS 1.00
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CWE-502 Mar 20, 2020 STIX 2.1
CVE-2020-3950 7.8 HIGH KEV SSVC ACTIVE 4 PoCs Analysis EPSS 0.07
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CWE-269 Mar 17, 2020 STIX 2.1
CVE-2020-5849 7.5 HIGH KEV SSVC ACTIVE 2 PoCs Analysis EPSS 0.93
unraid 6.8.0 - Authentication Bypass
Unraid 6.8.0 allows authentication bypass.
CWE-697 Mar 16, 2020 STIX 2.1
CVE-2020-5847 9.8 CRITICAL KEV SSVC ACTIVE 3 PoCs Analysis NUCLEI EPSS 0.96
Unraid < 6.8.0 - Unauthenticated Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
Mar 16, 2020 STIX 2.1
CVE-2020-6207 9.8 CRITICAL KEV SSVC ACTIVE 4 PoCs Analysis NUCLEI EPSS 0.98
SAP Solution Manager 7.2 - Auth Bypass
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
CWE-306 Mar 10, 2020 STIX 2.1
CVE-2020-0069 7.8 HIGH KEV SSVC ACTIVE 6 PoCs Analysis EPSS 0.01
Mediatek Command Queue driver - Privilege Escalation
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754
CWE-787 Mar 10, 2020 STIX 2.1
CVE-2020-0041 7.8 HIGH KEV SSVC ACTIVE 5 PoCs Analysis EPSS 0.03
Android - Local Privilege Escalation via Binder Transaction Bounds Check
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel
CWE-20 Mar 10, 2020 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content