1478 KEV entries tracked
10 High-EPSS not in KEV
18 New KEV in last 30 days
Latest KEV additions
Last 30 days

| CVE | Vendor | Product | EPSS | Percentile | Date Added | Due |
|---|---|---|---|---|---|---|
| CVE-2025-59718 | Fortinet | Multiple Products | 0.000 | 0th | 2025-12-16 | 2025-12-23 |
| CVE-2025-14611 | Gladinet | CentreStack and Triofox | 0.000 | 0th | 2025-12-15 | 2026-01-05 |
| CVE-2025-43529 | Apple | Multiple Products | 0.000 | 0th | 2025-12-15 | 2026-01-05 |
| CVE-2018-4063 | Sierra Wireless | AirLink ALEOS | 0.000 | 0th | 2025-12-12 | 2026-01-02 |
| CVE-2025-14174 | Chromium | | 0.000 | 0th | 2025-12-12 | 2026-01-02 |
| CVE-2025-58360 | OSGeo | GeoServer | 0.000 | 0th | 2025-12-11 | 2026-01-01 |
| CVE-2025-6218 | RARLAB | WinRAR | 0.000 | 0th | 2025-12-09 | 2025-12-30 |
| CVE-2025-62221 | Microsoft | Windows | 0.000 | 0th | 2025-12-09 | 2025-12-30 |
| CVE-2022-37055 | D-Link | Routers | 0.000 | 0th | 2025-12-08 | 2025-12-29 |
| CVE-2025-66644 | Array Networks | ArrayOS AG | 0.000 | 0th | 2025-12-08 | 2025-12-29 |
| CVE-2025-55182 | Meta | React Server Components | 0.000 | 0th | 2025-12-05 | 2025-12-12 |
| CVE-2021-26828 | OpenPLC | ScadaBR | 0.000 | 0th | 2025-12-03 | 2025-12-24 |
| CVE-2025-48572 | Android | Framework | 0.000 | 0th | 2025-12-02 | 2025-12-23 |
| CVE-2025-48633 | Android | Framework | 0.000 | 0th | 2025-12-02 | 2025-12-23 |
| CVE-2021-26829 | OpenPLC | ScadaBR | 0.000 | 0th | 2025-11-28 | 2025-12-19 |
| CVE-2025-61757 | Oracle | Fusion Middleware | 0.000 | 0th | 2025-11-21 | 2025-12-12 |
| CVE-2025-13223 | Chromium V8 | | 0.000 | 0th | 2025-11-19 | 2025-12-10 |
| CVE-2025-58034 | Fortinet | FortiWeb | 0.000 | 0th | 2025-11-18 | 2025-11-25 |
High EPSS not in KEV
Sorted by score

| CVE | EPSS | Percentile | PoCs | Summary |
|---|---|---|---|---|
| CVE-2025-9316 | 0.787 | 99th | 0 | No public description yet. |
| CVE-2025-8943 | 0.658 | 98th | 1 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro... |
| CVE-2025-8489 | 0.433 | 97th | 0 | No public description yet. |
| CVE-2025-8426 | 0.394 | 97th | 0 | No public description yet. |
| CVE-2025-8518 | 0.339 | 97th | 1 | A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l... |
| CVE-2025-8868 | 0.171 | 95th | 0 | No public description yet. |
| CVE-2025-8730 | 0.119 | 93rd | 2 | A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c... |
| CVE-2025-7795 | 0.096 | 93rd | 3 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa... |
| CVE-2025-9090 | 0.083 | 92nd | 4 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible... |
| CVE-2025-8085 | 0.078 | 92th | 1 | The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |
Fresh PoCs
Recent GitHub movement

| Stars | Updated | Name | Description |
|---|---|---|---|
| 1241 | 2 hours ago | CVE-2025-55182 | Explanation and full RCE PoC for CVE-2025-55182 |
| 775 | 3 hours ago | CVE-2025-55182-research | CVE-2025-55182 POC |
| 495 | 8 days ago | CVE-2018-20250 | exp for https://research.checkpoint.com/extracting-code-execution-from-winrar |
| 607 | 20 hours ago | CVE-2025-33073 | PoC Exploit for the NTLM reflection SMB flaw. |
| 496 | 4 days ago | CVE-2025-32463_chwoot | Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463 |
| 419 | 5 hours ago | CVE-2025-32463 | Local Privilege Escalation to Root via Sudo chroot in Linux |
| 305 | 1 day ago | CVE-2025-53770-Exploit | SharePoint WebPart Injection Exploit Tool |
| 289 | 4 hours ago | CVE-2025-55182 | RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478 |
| 901 | 1 hour ago | React2Shell-CVE-2025-55182-original-poc | Original Proof-of-Concepts for React2Shell CVE-2025-55182 |
| 386 | 4 days ago | CVE-2025-24071_PoC | CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File |
| 207 | 1 day ago | CVE-2025-32023 | PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo" |
| 396 | 6 days ago | ColorOS-CVE-2025-10184 | ColorOS SMS vulnerability, and a self-help remediation for users |
| 180 | 6 days ago | POC-CVE-2025-24813 | This repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met. |
| 256 | 15 minutes ago | CVE-2025-55182-advanced-scanner- | |
| 357 | 1 hour ago | Next.js-RSC-RCE-Scanner-CVE-2025-66478 | A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability. |
| 198 | 4 days ago | CVE-2025-30208-EXP | CVE-2025-30208-EXP |
| 73 | 6 days ago | cve-2025-8088 | Path traversal tool based on cve-2025-8088 |
| 163 | 1 day ago | CVE-2025-26125 | ( 0day ) Local Privilege Escalation in IObit Malware Fighter |
| 153 | 8 days ago | CVE-2025-21756 | Exploit for CVE-2025-21756 for Linux kernel 6.6.75. My first linux kernel exploit! |
| 136 | 27 days ago | CVE-2025-32433 | CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 |