High EPSS Vulnerabilities with Public Exploits

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,695 CVEs tracked 54,449 with exploits 5,036 exploited in wild 1,621 CISA KEV 4,191 Nuclei templates 55,244 vendors 47,549 researchers
1,858 results Clear all
CVE-2018-17431 9.8 CRITICAL EXPLOITED 4 PoCs 1 Writeup Analysis NUCLEI EPSS 0.84
Comodo Unified Threat Management Firewall < 2.7.0 - Unauthenticated Remote Code Execution
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
CWE-287 Jan 30, 2019 STIX 2.1
CVE-2010-3563 2 PoCs Analysis EPSS 0.84
Oracle Java SE/Jav for Bus <6 Update 21 - Info Disclosure
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
Oct 19, 2010 STIX 2.1
CVE-2019-12314 9.8 CRITICAL EXPLOITED 2 PoCs 1 Writeup Analysis NUCLEI EPSS 0.84
Deltek Maconomy 2.2.5 - Path Traversal
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
CWE-22 May 24, 2019 STIX 2.1
CVE-2014-6037 3 PoCs Analysis EPSS 0.84
ManageEngine EventLog Analyzer 9.0/8.2 - Remote Code Execution via ZIP Traversal
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
CWE-22 Oct 26, 2014 STIX 2.1
CVE-2015-2857 9.8 CRITICAL 2 PoCs Analysis EPSS 0.84
Accellion File Transfer Appliance < 9_11_200 - Remote Code Execution via oauth_token Parameter
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CWE-77 Aug 22, 2017 STIX 2.1
CVE-2014-0556 EXPLOITED RANSOMWARE 2 PoCs Analysis EPSS 0.84
Adobe Flash Player < 13.0.0.244 and 14.x-15.x < 15.0.0.152 - Remote Code Execution via Heap-Based Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.
CWE-119 Sep 10, 2014 STIX 2.1
CVE-2017-5754 5.6 MEDIUM 8 PoCs Analysis EPSS 0.84
Intel Atom C/E/X3 - Unauthorized Information Disclosure via Speculative Execution Side-Channel
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CWE-200 Jan 04, 2018 STIX 2.1
CVE-2011-0997 2 PoCs Analysis EPSS 0.84
ISC DHCP 3.0.x-4.2.x - Remote Code Execution via DHCP Hostname Shell Metacharacters
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
CWE-20 Apr 08, 2011 STIX 2.1
CVE-2016-0041 7.8 HIGH 1 PoC Analysis EPSS 0.84
Internet Explorer - DLL Loading Remote Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Feb 10, 2016 STIX 2.1
CVE-2017-0213 7.3 HIGH KEV SSVC ACTIVE RANSOMWARE 10 PoCs Analysis EPSS 0.84
Microsoft Windows - Privilege Escalation
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
May 12, 2017 STIX 2.1
CVE-2025-40551 9.8 CRITICAL KEV SSVC ACTIVE 1 PoC Analysis NUCLEI EPSS 0.84
SolarWinds Web Help Desk < 2026.1 - Unauthenticated Remote Code Execution via Untrusted Data Deserialization
SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.
CWE-502 Jan 28, 2026 STIX 2.1
CVE-2006-3439 EXPLOITED 6 PoCs Analysis EPSS 0.84
Microsoft Windows <2003 - Buffer Overflow
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Aug 09, 2006 STIX 2.1
CVE-2018-17552 9.8 CRITICAL 3 PoCs 1 Writeup Analysis EPSS 0.84
Naviwebs Navigate CMS 2.8 - SQL Injection
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CWE-89 Oct 03, 2018 STIX 2.1
CVE-2022-24990 7.5 HIGH KEV SSVC ACTIVE RANSOMWARE 7 PoCs Analysis NUCLEI EPSS 0.84
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
CWE-306 Feb 07, 2023 STIX 2.1
CVE-2026-3055 9.8 CRITICAL KEV SSVC ACTIVE 6 PoCs Analysis NUCLEI EPSS 0.84
Insufficient input validation leading to memory overread
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
CWE-125 Mar 23, 2026 STIX 2.1
CVE-2023-28432 7.5 HIGH KEV SSVC ACTIVE 20 PoCs Analysis NUCLEI EPSS 0.84
Minio <RELEASE.2023-03-20T20-16-18Z - Info Disclosure
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
CWE-200 Mar 22, 2023 STIX 2.1
CVE-2011-4885 4 PoCs 1 Writeup Analysis EPSS 0.84
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CWE-20 Dec 30, 2011 STIX 2.1
CVE-2016-5195 7.0 HIGH KEV SSVC ACTIVE 77 PoCs 1 Writeup Analysis EPSS 0.84
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CWE-362 Nov 10, 2016 STIX 2.1
CVE-2005-3252 6 PoCs Analysis EPSS 0.84
Snort - Stack-based Buffer Overflow via Back Orifice Preprocessor
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
Oct 18, 2005 STIX 2.1
CVE-2018-17463 8.8 HIGH KEV SSVC ACTIVE 4 PoCs Analysis EPSS 0.84
Google Chrome < 70.0.3538.64 - Remote Code Execution via V8 Side Effect Annotation
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Nov 14, 2018 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content