High EPSS Vulnerabilities with Public Exploits

Updated 10m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,417 CVEs tracked 53,633 with exploits 4,859 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,306 vendors 43,872 researchers
3,485 results Clear all
CVE-2006-1016 2 PoCs Analysis EPSS 0.77
Microsoft Internet Explorer - Buffer Overflow
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
Mar 07, 2006
CVE-1999-0736 1 PoC Analysis EPSS 0.77
IIS/Site Server - Info Disclosure
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
May 07, 1999
CVE-2012-6275 2 PoCs Analysis EPSS 0.77
Bigantsoft Bigant IM Message Server - Memory Corruption
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
CWE-119 Feb 24, 2013
CVE-2011-4040 3 PoCs Analysis EPSS 0.76
MiniSmtp 3.0.11818 - RCE
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
CWE-119 Nov 21, 2011
CVE-2010-2333 2 PoCs Analysis EPSS 0.76
Litespeedtech Litespeed Web Server - Information Disclosure
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
CWE-200 Jun 18, 2010
CVE-2014-2849 2 PoCs Analysis EPSS 0.76
Sophos Web Appliance Firmware < 3.8.1.1 - Access Control
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CWE-264 Apr 11, 2014
CVE-2013-1710 EXPLOITED 2 PoCs Analysis EPSS 0.76
Firefox toString console.time Privileged Javascript Injection
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation.
CWE-20 Aug 07, 2013
CVE-2021-40651 6.5 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.76
OS4Ed OpenSIS Community 8.0 - Info Disclosure
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
CWE-22 Sep 29, 2021
CVE-2014-9312 8.8 HIGH 2 PoCs Analysis EPSS 0.76
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CWE-434 Aug 28, 2017
CVE-2015-1793 6.5 MEDIUM 2 PoCs Analysis EPSS 0.76
Oracle Supply Chain Products Suite < 2.0.0.6 - Security Feature Bypass
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
CWE-254 Jul 09, 2015
CVE-2018-12464 10.0 CRITICAL 2 PoCs Analysis EPSS 0.76
Micro Focus Secure Messaging Gateway <471 - SQL Injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CWE-89 Jun 29, 2018
CVE-2013-1362 2 PoCs Analysis EPSS 0.76
Opensuse < 2.13 - Improper Input Validation
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
CWE-20 Jul 09, 2013
CVE-2017-1000117 8.8 HIGH 28 PoCs Analysis EPSS 0.76
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CWE-601 Oct 05, 2017
CVE-2016-3386 7.5 HIGH 1 PoC Analysis EPSS 0.76
Microsoft Edge < 1.2.1 - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.
CWE-119 Oct 14, 2016
CVE-1999-0278 1 PoC Analysis EPSS 0.76
IIS - Info Disclosure
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
Jun 01, 1998
CVE-2015-9323 9.8 CRITICAL 1 PoC Analysis NUCLEI EPSS 0.76
Duckdev 404 TO 301 < 2.0.3 - SQL Injection
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
CWE-89 Aug 16, 2019
CVE-2015-2067 EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.76
Magmi - Path Traversal
Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CWE-22 Feb 24, 2015
CVE-2013-4710 3 PoCs Analysis EPSS 0.76
Android <4.1.x - RCE
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
CWE-20 Mar 03, 2014
CVE-2021-24917 7.5 HIGH 3 PoCs Analysis NUCLEI EPSS 0.76
WPS Hide Login <1.9.1 - Info Disclosure
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
CWE-863 Dec 06, 2021
CVE-2022-29548 4.6 MEDIUM 2 PoCs Analysis NUCLEI EPSS 0.76
Wso2 API Manager - XSS
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
CWE-79 Apr 21, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation