High EPSS Vulnerabilities with Public Exploits

Updated 16m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

358,116 CVEs tracked 54,450 with exploits 5,036 exploited in wild 1,622 CISA KEV 4,194 Nuclei templates 55,255 vendors 47,556 researchers
1,858 results Clear all
CVE-2016-10073 7.5 HIGH 2 PoCs Analysis EPSS 0.84
Vanilla Forums <2.3.1 - Info Disclosure
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
CWE-200 May 23, 2017 STIX 2.1
CVE-2008-3257 3 PoCs Analysis EPSS 0.84
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
CWE-119 Jul 22, 2008 STIX 2.1
CVE-2022-1292 7.3 HIGH SSVC PoC 6 PoCs Analysis EPSS 0.84
Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
CWE-78 May 03, 2022 STIX 2.1
CVE-2009-3953 8.8 HIGH KEV SSVC ACTIVE 2 PoCs Analysis EPSS 0.84
Adobe Acrobat 7.0-7.1.3 - Remote Code Execution via U3D CLODProgressiveMeshDeclaration Array Boundary Issue
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
CWE-787 Jan 13, 2010 STIX 2.1
CVE-2019-0193 7.2 HIGH KEV SSVC ACTIVE 5 PoCs Analysis NUCLEI EPSS 0.84
Apache Solr < 7.7.3 and 8.0.0-8.1.1 - Remote Code Execution via DataImportHandler dataConfig Parameter
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CWE-94 Aug 01, 2019 STIX 2.1
CVE-2021-25094 8.1 HIGH EXPLOITED 6 PoCs Analysis NUCLEI EPSS 0.84
Tatsu Wordpress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CWE-306 Apr 25, 2022 STIX 2.1
CVE-2010-2075 10 PoCs Analysis EPSS 0.84
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
CWE-20 Jun 15, 2010 STIX 2.1
CVE-2017-11317 9.8 CRITICAL KEV SSVC ACTIVE 8 PoCs Analysis EPSS 0.83
Telerik UI for ASP.NET AJAX < 2017.1.118 - Remote Code Execution via Weak RadAsyncUpload Encryption
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CWE-326 Aug 23, 2017 STIX 2.1
CVE-2005-1790 EXPLOITED 2 PoCs Analysis EPSS 0.83
Microsoft Internet Explorer 6.0.2900.2180 and 6.0.2800.1106 - Remote Code Execution via JavaScript BODY onload Event
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
CWE-399 Jun 01, 2005 STIX 2.1
CVE-2009-2288 EXPLOITED 4 PoCs Analysis EPSS 0.83
Nagios < 3.1.1 - OS Command Injection via statuswml.cgi Ping or Traceroute Parameters
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CWE-78 Jul 01, 2009 STIX 2.1
CVE-2016-10174 9.8 CRITICAL KEV SSVC ACTIVE 3 PoCs Analysis EPSS 0.83
NETGEAR Multiple Routers - Unauthenticated Remote Code Execution via Hidden Lang AVI Parameter Buffer Overflow
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
CWE-120 Jan 30, 2017 STIX 2.1
CVE-2024-47076 8.6 HIGH SSVC PoC 2 PoCs 1 Writeup Analysis EPSS 0.83
libcupsfilters < 2.0.0 - Improper Input Validation in cfGetPrinterAttributes5
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CWE-20 Sep 26, 2024 STIX 2.1
CVE-2021-20021 9.8 CRITICAL KEV SSVC ACTIVE RANSOMWARE 1 PoC Analysis NUCLEI EPSS 0.83
SonicWall Email Security < 10.0.9.6103 - Unauthenticated Administrative Account Creation via Crafted HTTP Request
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
CWE-269 Apr 09, 2021 STIX 2.1
CVE-2001-1583 5 PoCs Analysis EPSS 0.83
Solaris 8 - Remote Code Execution
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
CWE-78 Dec 31, 2001 STIX 2.1
CVE-2010-1871 8.8 HIGH KEV SSVC ACTIVE 3 PoCs Analysis EPSS 0.83
JBoss Enterprise Application Platform 4.3.0 - Remote Code Execution via JBoss Expression Language Injection
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CWE-917 Aug 05, 2010 STIX 2.1
CVE-2019-1935 9.8 CRITICAL 2 PoCs Analysis EPSS 0.83
Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data - Use of Hard-coded Credentials
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
CWE-798 Aug 21, 2019 STIX 2.1
CVE-2009-3733 EXPLOITED 2 PoCs Analysis EPSS 0.83
VMware ESX 3.0.3 and 3.5 and ESXi 3.5 - Path Traversal
Directory traversal vulnerability in VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138 on Linux, VMware ESXi 3.5, and VMware ESX 3.0.3 and 3.5 allows remote attackers to read arbitrary files via unspecified vectors.
CWE-22 Nov 02, 2009 STIX 2.1
CVE-2024-43425 8.1 HIGH 9 PoCs Analysis NUCLEI EPSS 0.83
Moodle Remote Code Execution (CVE-2024-43425)
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
CWE-94 Nov 07, 2024 STIX 2.1
CVE-2021-28482 8.8 HIGH EXPLOITED RANSOMWARE 2 PoCs Analysis EPSS 0.83
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
Apr 13, 2021 STIX 2.1
CVE-2019-7214 9.8 CRITICAL 6 PoCs Analysis EPSS 0.83
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CWE-502 Apr 24, 2019 STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration Suite 8.8.15, 9.0, 10.0-10.1 - Stored Cross-Site Scripting via Crafted Email HTML Content