High EPSS Vulnerabilities with Public Exploits

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

346,589 CVEs tracked 53,640 with exploits 4,860 exploited in wild 1,583 CISA KEV 4,077 Nuclei templates 52,361 vendors 43,897 researchers
3,481 results Clear all
CVE-2024-43919 5.3 MEDIUM 1 PoC Analysis NUCLEI EPSS 0.85
Yarpp Yet Another Related Posts Plugin - Missing Authorization
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.
CWE-862 Nov 01, 2024
CVE-2017-9833 7.5 HIGH EXPLOITED 2 PoCs Analysis NUCLEI EPSS 0.85
Boa 0.94.14rc21 - Code Injection
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.
CWE-22 Jun 24, 2017
CVE-2015-7645 7.8 HIGH KEV RANSOMWARE 1 PoC Analysis EPSS 0.85
Adobe Flash Player <18.0.0.252-19.0.0.207 & 11.2.202.535 - RCE
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Oct 15, 2015
CVE-2018-20463 7.5 HIGH EXPLOITED 1 PoC Analysis NUCLEI EPSS 0.85
Jsmol2wp - Path Traversal
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.
CWE-22 Dec 25, 2018
CVE-2014-1903 3 PoCs Analysis EPSS 0.84
FreePBX <2.9.0.14, <2.10.1.15, <2.11.0.23, <12.0.1alpha22 - RCE
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
CWE-264 Feb 18, 2014
CVE-2014-4977 2 PoCs Analysis EPSS 0.84
Dell SonicWall Scrutinizer 11.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
CWE-89 Jul 16, 2014
CVE-1999-0874 6 PoCs Analysis EPSS 0.84
Microsoft Internet Information Server - Memory Corruption
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
CWE-119 Jun 16, 1999
CVE-2001-0333 10 PoCs Analysis EPSS 0.84
Microsoft Internet Information Server < 5.0 - Path Traversal
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Jun 27, 2001
CVE-2007-3370 1 PoC Analysis EPSS 0.84
Sun Board 1.00.00 Alpha - RCE
Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.
Jun 22, 2007
CVE-2007-3371 1 PoC Analysis EPSS 0.84
Powl 0.94 - RCE
PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.
Jun 22, 2007
CVE-2025-55182 10.0 CRITICAL KEV RANSOMWARE 510 PoCs Analysis NUCLEI EPSS 0.84
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CWE-502 Dec 03, 2025
CVE-2019-11707 8.8 HIGH KEV 6 PoCs Analysis EPSS 0.84
Mozilla Firefox < 60.7.1 - Type Confusion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CWE-843 Jul 23, 2019
CVE-2023-5631 6.1 MEDIUM KEV 1 PoC 1 Writeup EPSS 0.84
Roundcube Webmail < 1.4.15 - XSS
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
CWE-79 Oct 18, 2023
CVE-2007-3401 1 PoC Analysis EPSS 0.84
B1G b1gBB <2.24 - RCE
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.
Jun 26, 2007
CVE-2007-2607 1 PoC Analysis EPSS 0.84
LaVague <0.3 - RCE
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
May 11, 2007
CVE-2016-1561 7.5 HIGH 2 PoCs Analysis EPSS 0.84
ExaGrid <4.8 P26 - Privilege Escalation
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
CWE-200 Apr 21, 2017
CVE-2000-0457 1 PoC Analysis EPSS 0.84
IIS 4.0-5.0 - Info Disclosure
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
May 11, 2000
CVE-2012-1493 4 PoCs Analysis EPSS 0.84
F5 Big-ip 3600 - Credentials Management
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
CWE-255 Jul 09, 2012
CVE-2011-3400 2 PoCs Analysis EPSS 0.84
Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
CWE-94 Dec 14, 2011
CVE-2025-29306 9.8 CRITICAL EXPLOITED 9 PoCs Analysis NUCLEI EPSS 0.84
FoxCMS v.1.2.5 - Remote Code Execution
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
CWE-94 Mar 27, 2025

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
CVE-2026-3910: The Type the Compiler Promised -- A V8 JIT Story in Seven Acts
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-29635
Dlink Dir-823x Firmware - Command Injection
 CVE-2024-57728
Simple-help Simplehelp < 5.5.8 - Symlink Following
 CVE-2024-57726
Simple-help Simplehelp < 5.5.8 - Missing Authorization
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation
 CVE-2026-20122
Cisco Catalyst SD-WAN Manager - Path Traversal
 CVE-2025-32975
Quest KACE SMA <14.1.101 - Auth Bypass
 CVE-2025-48700
Zimbra Collaboration <10.1 - XSS
 CVE-2025-2749
Kentico Xperience < 13.0.178 - Path Traversal
 CVE-2023-27351
Papercut MF < 20.1.7 - Authentication Bypass
 CVE-2009-0238
Microsoft Office <2007 SP1 - RCE
 CVE-2012-1854
Microsoft Office <2010 - Privilege Escalation