Time-bomb CVEs
These vulnerabilities have a ready exploit and high probability of exploitation — but have not yet entered the active-exploitation list. This is your window to patch before the attack happens.
Why “time-bomb”?High EPSS (exploitation probability) + public exploit available + still outside KEV (not confirmed active). The combination that usually precedes real attacks.
3866 vulnerabilities in this state right now
CVE-2014-3566metasploit
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man
100%prob.
3.4CVSS
CVE-2014-0195metasploit
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properl
100%prob.
—CVSS
CVE-2014-3704PoCnucleimetasploit
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements,
100%prob.
—CVSS
CVE-2015-7297PoCnucleimetasploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a
100%prob.
—CVSS
CVE-2022-42889PoCmetasploit
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
100%prob.
—CVSS
CVE-2025-53771nucleimetasploit
Microsoft SharePoint Server Spoofing Vulnerability
100%prob.
6.5CVSS
CVE-2015-4000metasploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_E
100%prob.
3.7CVSS
CVE-2020-13379PoCnuclei
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated
100%prob.
—CVSS
CVE-2017-12635PoCnucleimetasploit
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x b
100%prob.
—CVSS
CVE-2017-8917PoCnucleimetasploit
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
100%prob.
—CVSS
CVE-2022-39952PoCnucleimetasploit
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11,
100%prob.
9.8CVSS
CVE-2008-2938PoCmetasploit
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking a
100%prob.
—CVSS
CVE-2020-10220PoCnucleimetasploit
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parame
100%prob.
—CVSS
CVE-2019-0232PoCnucleimetasploit
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0
100%prob.
—CVSS
CVE-2023-27372PoCnucleimetasploit
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions ar
100%prob.
9.8CVSS
CVE-2025-29927PoCnucleimetasploit
Authorization Bypass in Next.js Middleware
100%prob.
9.1CVSS
CVE-2022-37061PoCnucleimetasploit
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to
100%prob.
—CVSS
CVE-2022-1471metasploit
Remote Code execution in SnakeYAML
100%prob.
8.3CVSS
CVE-2014-0094PoCmetasploit
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter,
100%prob.
—CVSS
CVE-2020-14181PoCnucleimetasploit
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vu
100%prob.
—CVSS
CVE-2020-16040PoCmetasploit
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption v
100%prob.
—CVSS
CVE-2024-6387PoC
Openssh: regresshion - race condition in ssh allows rce/dos
100%prob.
8.1CVSS
CVE-2017-1000028PoCnucleimetasploit
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability,
99%prob.
—CVSS
CVE-2013-0156PoCmetasploit
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.1
99%prob.
—CVSS
CVE-2023-34960nucleimetasploit
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary comm
99%prob.
—CVSS
CVE-2017-12542PoCnucleimetasploit
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
99%prob.
—CVSS
CVE-2021-25646nucleimetasploit
Authenticated users can override system configurations in their requests which allows them to execute arbitrary code.
99%prob.
—CVSS
CVE-2021-34429PoCnucleimetasploit
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the con
99%prob.
5.3CVSS
CVE-2023-23333PoCnucleimetasploit
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restricti
99%prob.
9.8CVSS
CVE-2020-36289nuclei
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vu
99%prob.
5.3CVSS
CVE-2022-24637PoCnucleimetasploit
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to g
99%prob.
—CVSS
CVE-2025-1974PoCnuclei
ingress-nginx admission controller RCE escalation
99%prob.
9.8CVSS
CVE-2015-1538PoC
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I all
99%prob.
—CVSS
CVE-2026-10520PoCnuclei
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user
99%prob.
10.0CVSS
CVE-2020-11022PoC
jQuery has a potential XSS vulnerability
99%prob.
6.9CVSS
CVE-2021-21978nucleimetasploit
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of
99%prob.
—CVSS
CVE-2011-3192PoCmetasploit
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a deni
99%prob.
—CVSS
CVE-2020-9496PoCnucleimetasploit
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
99%prob.
—CVSS
CVE-2023-32560PoCmetasploit
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary co
99%prob.
8.8CVSS
CVE-2020-7209PoCnucleimetasploit
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
99%prob.
—CVSS