High EPSS Vulnerabilities with Public Exploits

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,482 CVEs tracked 53,635 with exploits 4,859 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,335 vendors 43,883 researchers
3,483 results Clear all
CVE-2022-0169 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.82
WordPress Photo Gallery Plugin SQL Injection (CVE-2022-0169)
The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection
CWE-89 Mar 14, 2022
CVE-2005-1812 3 PoCs Analysis EPSS 0.82
Futuresoft Tftp Server 2000 - Memory Corruption
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.
CWE-119 Jun 01, 2005
CVE-2003-1192 4 PoCs Analysis EPSS 0.82
Truenorth Software IA Webmail Server - Buffer Overflow
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
Nov 03, 2003
CVE-2020-26413 5.3 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.82
GitLab CE/EE <13.6.2 - Info Disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
CWE-200 Dec 11, 2020
CVE-2013-7409 6 PoCs Analysis EPSS 0.82
ALLPlayer <5.8.1 - Buffer Overflow
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
CWE-119 Oct 30, 2014
CVE-2021-27964 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.82
SonLogger - Arbitrary File Upload
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.
CWE-434 Mar 05, 2021
CVE-2008-4654 8 PoCs Analysis EPSS 0.82
Videolan Vlc Media Player - Memory Corruption
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
CWE-119 Oct 22, 2008
CVE-2016-7456 9.8 CRITICAL 1 PoC Analysis EPSS 0.82
Vmware Vsphere Data Protection - Credentials Management
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
CWE-255 Dec 29, 2016
CVE-2009-0950 5 PoCs Analysis EPSS 0.82
Apple Itunes < 8.1.1 - Memory Corruption
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
CWE-119 Jun 02, 2009
CVE-2022-24989 9.8 CRITICAL EXPLOITED RANSOMWARE 1 PoC Analysis EPSS 0.82
Terra-master Terramaster Operating System < 4.2.31 - Injection
TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.
CWE-74 Aug 20, 2023
CVE-2007-1697 1 PoC Analysis EPSS 0.82
Philex <0.2.3 - RCE
PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.
Mar 27, 2007
CVE-2025-31125 5.3 MEDIUM KEV 6 PoCs Analysis NUCLEI EPSS 0.82
Vite Development Server - Path Traversal
Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
CWE-284 Mar 31, 2025
CVE-2023-48084 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.82
Nagios XI < 5.11.3 - SQL Injection
Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
CWE-89 Dec 14, 2023
CVE-2001-0010 4 PoCs Analysis EPSS 0.82
BIND 8 - Buffer Overflow
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
Feb 12, 2001
CVE-2007-5003 2 PoCs Analysis EPSS 0.82
Broadcom Brightstor Arcserve Backup L... - Memory Corruption
Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.
CWE-119 Oct 01, 2007
CVE-2020-6308 5.3 MEDIUM EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.82
SAP BusinessObjects Web Services - Info Disclosure
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.
CWE-918 Oct 20, 2020
CVE-2014-0113 EXPLOITED 1 PoC Analysis EPSS 0.82
Apache Struts <2.3.20 - RCE
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CWE-264 Apr 29, 2014
CVE-2005-2265 3 PoCs Analysis EPSS 0.82
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
Jul 13, 2005
CVE-2023-40000 8.3 HIGH EXPLOITED 3 PoCs Analysis NUCLEI EPSS 0.82
Litespeedtech Litespeed Cache < 5.7.0.1 - XSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through 5.7.
CWE-79 Apr 16, 2024
CVE-2007-4636 1 PoC Analysis EPSS 0.82
phpBG 0.9.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
CWE-20 Aug 31, 2007

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation