264KEV entries tracked
6High-EPSS not in KEV
1New KEV in last 30 days
Trending PoCs
Current year, updated in the last 4 days| Stars | Updated | Name | Description |
|---|---|---|---|
| 360 | 2 hours ago | Next.js-RSC-RCE-Scanner-CVE-2025-66478 | A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability. |
| 4 | 13 hours ago | CVE-2025-66478-POC | CVE-2025-66478 Proof of Concept |
| 4 | 22 hours ago | CVE-2025-65318-and-CVE-2025-65319 | Insecure attachment handling when using Canary Mail or Blue mail |
| 78 | 1 day ago | Blackash-CVE-2025-55182 | CVE-2025-55182 |
| 17 | 1 day ago | CVE-2025-55182 | a critical Remote Code Execution (RCE) vulnerability in React Server Components (RSC). It also includes a realistic "Lab Environment" to safely test and understand the vulnerability. |
| 6 | 1 day ago | CVE-2025-55184-POC-Expolit | |
| 3 | 1 day ago | CVE-2025-54100 | CVE-2025-54100 (CVSS 7.8 High) is a command injection vulnerability in the Invoke-WebRequest cmdlet of Windows PowerShell 5.1. It arises from improper neutralization of special elements during the automatic parsing of Web responses. |
| 5 | 3 days ago | CVE-2025-55182-golang-PoC | CVE-2025-55182 React Server Components RCE - Go PoC |
High EPSS not in KEV
Sorted by score| CVE | EPSS | Percentile | PoCs | Summary |
|---|---|---|---|---|
| CVE-2025-8943 | 0.658 | 98th | 1 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro... |
| CVE-2025-8518 | 0.339 | 97th | 1 | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l... |
| CVE-2025-8730 | 0.119 | 93th | 2 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c... |
| CVE-2025-7795 | 0.096 | 93th | 3 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa... |
| CVE-2025-9090 | 0.092 | 92th | 4 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible... |
| CVE-2025-8085 | 0.078 | 92th | 1 | The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |