High EPSS Vulnerabilities with Public Exploits

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,589 CVEs tracked 53,640 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,361 vendors 43,897 researchers
3,481 results Clear all
CVE-2020-6418 8.8 HIGH KEV 8 PoCs Analysis EPSS 0.86
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CWE-843 Feb 27, 2020
CVE-2024-1208 5.3 MEDIUM 2 PoCs Analysis NUCLEI EPSS 0.86
LearnDash LMS <4.10.2 - Info Disclosure
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.
CWE-200 Feb 05, 2024
CVE-2024-50340 7.3 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
Symfony Runtime < 5.4.46 - Injection
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-74 Nov 06, 2024
CVE-2023-37599 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
Issabel Pbx - Exposure to Wrong Actor
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory
CWE-668 Jul 13, 2023
CVE-2006-2685 4 PoCs Analysis EPSS 0.86
Kevin Johnson Basic Analysis And Security Engine - Code Injection
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
CWE-94 May 31, 2006
CVE-2007-0015 EXPLOITED 4 PoCs Analysis EPSS 0.86
Apple Quicktime - Buffer Overflow
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
Jan 01, 2007
CVE-2010-3971 EXPLOITED 5 PoCs Analysis EPSS 0.86
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
CWE-399 Dec 22, 2010
CVE-2023-39141 7.5 HIGH 2 PoCs Analysis NUCLEI EPSS 0.86
webui-aria2 <4fe2 - Path Traversal
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
CWE-22 Aug 22, 2023
CVE-2020-17136 7.8 HIGH 2 PoCs Analysis EPSS 0.86
Windows Cloud Files Mini Filter Driver - Privilege Escalation
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Dec 10, 2020
CVE-2017-11774 7.8 HIGH KEV 1 PoC Analysis EPSS 0.86
Microsoft Outlook <2016 - Command Injection
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
CWE-119 Oct 13, 2017
CVE-2019-13101 9.8 CRITICAL EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.86
Dlink Dir-600m Firmware - Missing Authentication
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
CWE-306 Aug 08, 2019
CVE-2018-18323 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
Webpanel - Path Traversal
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.
CWE-22 Oct 15, 2018
CVE-2018-9032 9.8 CRITICAL 1 PoC Analysis EPSS 0.86
Dlink Dir-850l Firmware < 2.06 - Authentication Bypass
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
CWE-287 Mar 27, 2018
CVE-2020-7200 9.8 CRITICAL 2 PoCs Analysis EPSS 0.86
HP Systems Insight Manager - Remote Code Execution
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
Dec 18, 2020
CVE-2018-12054 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
PHP Scripts Mall Schools Alert Mgt - Path Traversal
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
CWE-22 Jun 08, 2018
CVE-2024-9593 8.3 HIGH EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.86
Wpplugin Time Clock < 1.1.4 - Code Injection
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified.
CWE-94 Oct 18, 2024
CVE-2007-4279 1 PoC Analysis EPSS 0.85
FrontAccounting 1.12 Build 31 - RCE
PHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
Aug 09, 2007
CVE-2017-14537 6.5 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.85
Trixbox 2.8.0 - Path Traversal
trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
CWE-22 Feb 16, 2018
CVE-2006-6199 10 PoCs Analysis EPSS 0.85
Blazevideo Blaze Dvd - Memory Corruption
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
CWE-119 Dec 01, 2006
CVE-2012-3399 2 PoCs Analysis EPSS 0.85
Artis.imag Basilic - Improper Input Validation
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
CWE-20 Jul 12, 2012

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation