Latest Vulnerabilities with Public Exploits

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

357,591 CVEs tracked 54,441 with exploits 5,033 exploited in wild 1,621 CISA KEV 4,191 Nuclei templates 55,234 vendors 47,538 researchers
54,441 results Clear all
BSD 4.2 - 'fingerd' Remote Buffer Overflow
STIX 2.1

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest CVEs with Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-41702: Forty-Seven Microseconds in /var/run/vmware/cnx-tmp
May 17, 2026
Hermes Agent with EIP Harness: The Vulnerability Research Assistant That Also Runs Your Pipelines
May 13, 2026
CVE-2026-41940: cPanel & WHM Pre-Auth RCE - Two Write Paths, One Filter
May 01, 2026
EIP STIX 2.1 / TAXII 2.1 Feed: Exploit Intelligence for Your Stack
Apr 29, 2026
CVE-2026-35414: Three Bugs, One Commit, and Two More Nobody Mentioned
Apr 03, 2026
WP Google Map Plugin - Three Weak Links, One Critical Chain
Mar 29, 2026
 View all posts →

CVEForge Labs

CVE-2026-45829 CRITICAL
ChromaDB >=1.0.0 - Unauthenticated Remote Code Execution via Malicious Model Repository
CVE-2026-42859 HIGH
Neat VNC: Buffer overflow due to oversized RSA public keys
CVE-2026-3296 CRITICAL
Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata
CVE-2026-34980 HIGH
OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network
CVE-2026-35414 MEDIUM
OpenSSH < 10.3 - Always-Incorrect Control Flow Implementation in Authorized Keys Principals Handling
CVE-2026-33765 CRITICAL
Pi-hole Web <6.0 savesettings.php - Command Injection
CVE-2026-4105 MEDIUM
Red Hat Enterprise Linux 10 - Improper Access Control via systemd-machined RegisterMachine D-Bus Method
CVE-2026-30861 CRITICAL
WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass
CVE-2026-30860 CRITICAL
WeKnora <0.2.12 - RCE via SQL Injection
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
 View all labs →

KEV Gaps

CVE-2026-20262
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
 CVE-2026-54420
Litespeed Technologies cPanel Plugin < 2.4.8 - UNIX Symbolic Link (Symlink) Following
 CVE-2026-48027
Compromised Nx Console version 18.95.0
 CVE-2026-8398
DAEMON Tools Lite 12.5.0.2421-12.5.0.2434 - Embedded Malicious Code in Trojanized Installer
 CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability
 CVE-2009-1537
Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
 CVE-2026-6973
Ivanti Endpoint Manager Mobile < 12.6.1.1, < 12.7.0.1, < 12.8.0.1 - Authenticated Remote Code Execution
 CVE-2025-29635
D-Link DIR-823X 240126 and 240802 - Authenticated Remote Command Execution via /goform/set_prohibiting
 CVE-2024-57728
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
 CVE-2024-57726
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
 CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Info Disclosure
 CVE-2026-20128
Cisco Catalyst SD-WAN Manager - Privilege Escalation