High EPSS Vulnerabilities with Public Exploits

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,468 CVEs tracked 53,663 with exploits 4,859 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,324 vendors 43,878 researchers
3,483 results Clear all
CVE-2010-3187 2 PoCs Analysis EPSS 0.80
IBM AIX <5.3 - RCE
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
CWE-119 Aug 30, 2010
CVE-2009-0183 3 PoCs Analysis EPSS 0.80
Free Download Manager <3.0.844 - Buffer Overflow
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
CWE-119 Feb 03, 2009
CVE-2012-3951 2 PoCs Analysis EPSS 0.80
Sonicwall Scrutinizer < 9.0.1.19899 - SQL Injection
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CWE-89 Jul 31, 2012
CVE-2010-1964 3 PoCs Analysis EPSS 0.79
HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unspecified parameters to jovgraph.exe, aka ZDI-CAN-683.
Jun 17, 2010
CVE-2007-4370 4 PoCs Analysis EPSS 0.79
Racer 0.5.3 beta 5 - Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
Aug 15, 2007
CVE-2023-45498 9.8 CRITICAL 1 PoC Analysis EPSS 0.79
Vinchin Backup And Recovery < 7.0 - Command Injection
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.
CWE-77 Oct 27, 2023
CVE-2023-29336 7.8 HIGH KEV 3 PoCs Analysis EPSS 0.79
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
CWE-416 May 09, 2023
CVE-2015-3088 1 PoC Analysis EPSS 0.79
Adobe Flash Player <13.0.0.289-17.0.0.188 - Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.
CWE-119 May 13, 2015
CVE-2016-4657 8.8 HIGH KEV RANSOMWARE 6 PoCs Analysis EPSS 0.79
Apple Iphone OS < 9.3.5 - Out-of-Bounds Write
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CWE-787 Aug 25, 2016
CVE-2017-8540 7.8 HIGH KEV 1 PoC Analysis EPSS 0.79
Microsoft Malware Protection Engine - Out-of-Bounds Write
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
CWE-787 May 26, 2017
CVE-2006-2379 1 PoC Analysis EPSS 0.79
Microsoft Windows 2000 - Memory Corruption
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
CWE-119 Jun 13, 2006
CVE-2015-0097 1 PoC Analysis EPSS 0.79
Microsoft Excel - Remote Code Execution
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability."
CWE-19 Mar 11, 2015
CVE-2010-0557 3 PoCs Analysis EPSS 0.79
IBM Cognos Express - Credentials Management
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
CWE-255 Feb 05, 2010
CVE-2008-2683 4 PoCs Analysis EPSS 0.79
Black ICE Barcode SDK - Improper Input Validation
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CWE-20 Jun 12, 2008
CVE-2020-35598 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.79
Advanced Comment System - Path Traversal
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
CWE-22 Dec 23, 2020
CVE-2022-41840 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.79
Welcart eCommerce <2.7.7 - Path Traversal
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
CWE-22 Nov 18, 2022
CVE-2023-38098 8.8 HIGH 1 PoC Analysis EPSS 0.79
Netgear Prosafe Network Management System - Unrestricted File Upload
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.
CWE-434 May 03, 2024
CVE-2023-26258 9.8 CRITICAL EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.79
Arcserve UDP <9.0.6034 - Auth Bypass
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
CWE-863 Jul 03, 2023
CVE-2026-1281 9.8 CRITICAL KEV 3 PoCs Analysis EPSS 0.79
Ivanti Endpoint Manager Mobile (EPMM) unauthenticated RCE
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CWE-94 Jan 29, 2026
CVE-2006-6063 4 PoCs Analysis EPSS 0.79
Un4seen Xmplay < 3.3.0.5 - Buffer Overflow
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.
Nov 22, 2006

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation