264 KEV entries tracked
6 High-EPSS not in KEV
1 New KEV in last 30 days
Trending PoCs
Current year, updated in the last 4 days

| Stars | Updated | Name | Description |
|---|---|---|---|
| 1 | 55 minutes ago | CVE-2025-61882-CVE-2025-61884 | 🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats. |
| 1 | 1 hour ago | CVE-2025-54253-Exploit-Demo | 🐙 CVE-2025-54253 exploit demo for Adobe AEM Forms on JEE: OGNL injection to RCE with PoC, Python 3.10 exploit code, reproducer and mitigation guidance. |
| 1 | 1 hour ago | CVE-2025-54424 | CVE-2025-54424: 1Panel TLS client cert bypass enables RCE via forged CN 'panel_client' using a bundled scanning and exploitation tool. Affected: <= v2.0.5. 🔐 |
| 360 | 2 hours ago | Next.js-RSC-RCE-Scanner-CVE-2025-66478 | A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability. |
| 1 | 2 hours ago | CVE-2025-13780 | A comprehensive vulnerability scanner for CVE-2025-13780, a Remote Code Execution (RCE) vulnerability in pgAdmin 4 versions ≤ 8.14. |
| 2 | 10 hours ago | CVE-2025-6218-WinRAR-RCE-POC | Comprehensive analysis and proof-of-concept for CVE-2025-6218 - WinRAR path traversal RCE vulnerability affecting versions 7.11 and earlier |
| 1 | 11 hours ago | CVE-2025-55182-React2Shell-Exploit | A proof-of-concept tool for demonstrating the critical React2Shell vulnerability |
| 4 | 13 hours ago | CVE-2025-66478-POC | CVE-2025-66478 Proof of Concept |
| 4 | 22 hours ago | CVE-2025-65318-and-CVE-2025-65319 | Insecure attachment handling when using Canary Mail or Blue mail |
| 78 | 1 day ago | Blackash-CVE-2025-55182 | CVE-2025-55182 |
| 17 | 1 day ago | CVE-2025-55182 | a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC). It also includes a realistic "Lab Environment" to safely test and understand the vulnerability. |
| 3 | 1 day ago | CVE-2025-54100 | CVE-2025-54100 (CVSS 7.8 High) is a command injection vulnerability in the Invoke-WebRequest cmdlet of Windows PowerShell 5.1. It arises from improper neutralization of special elements during the automatic parsing of Web responses. |
| 2 | 1 day ago | CVE-2025-31702 | Repository with tools, exploits, and material associated with the analysis and discovery process of CVE-2025-31702 and other related security issues. |
| 1 | 1 day ago | CVE-2025-55182 | React2Shell Vulnerability |
| 1 | 1 day ago | Blackash-CVE-2025-13780 | CVE-2025-13780 |
| 2 | 2 days ago | CVE-2025-55182 | This project provides a fully functional demonstration of CVE-2025-55182 (React2Shell) - a critical Remote Code Execution vulnerability in React Server Components and Next.js. |
| 1 | 2 days ago | react2shell-scanner-CVE-2025-55182 | React2shell-web-scanner |
| 1 | 2 days ago | CVE-2025-55182-Waf | CVE-2025-55182 RCE vulnerability in Next.js/React RSC servers (exploit and scanner) |
| 1 | 2 days ago | CVE-2025-55182 | A command-line tool for detecting CVE-2025-55182 and CVE-2025-66478 in Next.js applications using React Server Components. |
| 1 | 2 days ago | CVE-2025-9074_DAEMON_KILLER | The Ultimate DAEMON_KILLER. Control is an illusion. This Exploit forces CVE-2025-9074 to break the Docker cage. Advanced Container Escape & Root Escalation toolkit. Verify the vulnerability, take the host, destroy the logs. > We Are Fsociety_ |

High EPSS not in KEV
Sorted by score

| CVE | EPSS | Percentile | PoCs | Summary |
|---|---|---|---|---|
| CVE-2025-8943 | 0.658 | 98th | 1 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro... |
| CVE-2025-8518 | 0.339 | 97th | 1 | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l... |
| CVE-2025-8730 | 0.119 | 93rd | 2 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c... |
| CVE-2025-7795 | 0.096 | 93rd | 3 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa... |
| CVE-2025-9090 | 0.092 | 92nd | 4 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible... |
| CVE-2025-8085 | 0.078 | 92nd | 1 | The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |