High EPSS Vulnerabilities with Public Exploits

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,482 CVEs tracked | 53,635 with exploits | 4,859 exploited in wild | 1,583 CISA KEV | 4,077 Nuclei templates | 52,335 vendors | 43,883 researchers
3,483 results
CVE-2007-4712 1 PoC Analysis EPSS 0.81
Enetman - Code Injection
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CWE-94 Sep 05, 2007
CVE-2022-46381 6.1 MEDIUM EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.81
Linear eMerge E3-Series <0.32-08f - XSS
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.
CWE-79 Dec 13, 2022
CVE-2019-0568 7.5 HIGH 1 PoC Analysis EPSS 0.81
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567.
CWE-787 Jan 08, 2019
CVE-2007-2888 5 PoCs Analysis EPSS 0.81
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
May 30, 2007
CVE-2025-27007 9.8 CRITICAL EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.81
OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82.
CWE-266 May 01, 2025
CVE-2023-39026 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.81
FileMage Gateway <1.10.8 - Path Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
CWE-22 Aug 22, 2023
CVE-2020-35234 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.81
Wp-ecommerce Easy WP SMTP < 1.4.4 - Log Information Exposure
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
CWE-532 Dec 14, 2020
CVE-2023-6020 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.81
Ray's <static> - Info Disclosure
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
CWE-862 Nov 16, 2023
CVE-2018-9205 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.81
Drupal Avatar Uploader - Path Traversal
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
CWE-22 Apr 04, 2018
CVE-2010-1554 3 PoCs Analysis EPSS 0.81
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
CWE-119 May 13, 2010
CVE-2003-0990 2 PoCs Analysis EPSS 0.81
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
Jan 20, 2004
CVE-2018-10201 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.81
NComputing vSpace Pro <11 - Info Disclosure
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
CWE-22 Apr 20, 2018
CVE-2009-2526 EXPLOITED 2 PoCs Analysis EPSS 0.81
Microsoft Windows Vista-Server 2008 - DoS
Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
CWE-399 Oct 14, 2009
CVE-2014-7862 9.8 CRITICAL 2 PoCs Analysis EPSS 0.81
Zohocorp Desktop Central < 90109 - Access Control
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
CWE-264 Jan 04, 2018
CVE-2017-11391 8.8 HIGH 1 PoC Analysis EPSS 0.81
Trendmicro Interscan Messaging Securi... - Command Injection
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
CWE-77 Aug 03, 2017
CVE-2010-0270 1 PoC Analysis EPSS 0.81
Microsoft Windows 7 - Improper Input Validation
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
CWE-20 Apr 14, 2010
CVE-2007-3228 1 PoC Analysis EPSS 0.81
Sitellite CMS <4.2.12 - RCE
PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to the PhpDocumentor directory tree is blocked by .htaccess.
Jun 14, 2007
CVE-2022-26133 9.8 CRITICAL 6 PoCs Analysis EPSS 0.81
Atlassian Bitbucket Data Center <7.17.6 - Code Injection
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
CWE-502 Apr 20, 2022
CVE-2017-8779 7.5 HIGH 3 PoCs Analysis EPSS 0.81
Rpcbind < 0.2.4 - Resource Allocation Without Limits
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
CWE-770 May 04, 2017
CVE-2005-0771 1 PoC Analysis EPSS 0.81
VERITAS Backup Exec Server <10.0 - RCE
VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
Jun 23, 2005