Last updated: December 23, 2025 at 20:11 UTC
814
CVEs with Exploits but No Detection
These vulnerabilities have working exploit code available but lack detection rules in major open-source security tools. They're your blind spots.
As of December 23, 2025 at 20:11 UTC, there are 814 CRITICAL_GAP CVEs— vulnerabilities with known public exploits but NO detection rules available in major open-source security tools. These represent blind spots in your security posture. Each CVE listed here has working exploit code (via Metasploit, ExploitDB, GitHub PoCs, or CISA KEV) but lacks detection in tools like Nuclei, Sigma, Snort/Suricata, YARA, or Semgrep. Tool maintainers: these are the gaps that need YOUR detection rules.
How many CVEs need YOUR tool's rules?
Detection gaps by tool: Nuclei: 814 CVEs (100.0%) need detection rules Sigma: 814 CVEs (100.0%) need detection rules Snort/Suricata: 814 CVEs (100.0%) need detection rules YARA: 814 CVEs (100.0%) need detection rules Semgrep: 814 CVEs (100.0%) need detection rules OSV.dev: 814 CVEs (100.0%) need detection rules
Priority order for closing gaps
Severity distribution: CRITICAL: 214 gaps, HIGH: 483 gaps, None: 105 gaps.
Top 50 CRITICAL_GAP CVEs by CVSS score. These have working exploits but no detection rules.
| CVE ID | Title | Severity | Exploits | Missing Tools | Days Old |
|---|---|---|---|---|---|
| CVE-2025-13390 | WP Directory Kit Plugin Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 20 |
| CVE-2025-41115 | CVE-2025-41115 | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 32 |
| CVE-2025-36250 | AIX NIM Server Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 40 |
| CVE-2025-12539 | TNC Toolbox Web Performance Plugin Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 42 |
| CVE-2025-10230 | Samba WINS Hook Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 46 |
| CVE-2025-61481 | CVE-2025-61481 | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 57 |
| CVE-2025-62168 | Squid Cache Proxy Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 67 |
| CVE-2025-42944 | SAP NetWeaver RMI-P4 Deserialization Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 105 |
| CVE-2025-54914 | Azure Networking Elevation of Privilege Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 110 |
| CVE-2022-31491 | Voltronic PowerView Exploit | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 123 |
| CVE-2025-43300 | CVE-2025-43300 | CRITICAL | github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 124 |
| CVE-2025-48148 | StoreKeeper B.V. StoreKeeper for WooCommerce Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 125 |
| CVE-2025-20265 | Cisco Secure Firewall Management Center RADIUS Remote Cod... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 131 |
| CVE-2025-20337 | Cisco ISE Unauthenticated Remote Code Execution Vulnerabi... | CRITICAL | github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 160 |
| CVE-2025-29009 | Unrestricted Upload of File with Dangerous Type | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 160 |
| CVE-2025-41656 | Node_RED Server Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 175 |
| CVE-2025-20282 | Cisco ISE Unauthenticated Remote Code Execution Vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 181 |
| CVE-2025-47577 | TemplateInvaders TI WooCommerce Wishlist Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 218 |
| CVE-2025-39401 | WPAMS Arbitrary File Upload Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 218 |
| CVE-2025-32433 | Erlang/OTP SSH Vulnerability | CRITICAL | github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 251 |
| CVE-2025-22954 | Koha SQL Injection Vulnerability | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 286 |
| CVE-2025-24201 | Web Content Sandbox Escape | CRITICAL | github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 287 |
| CVE-2025-24085 | iOS 18.3/iPadOS 18.3 Vulnerability | CRITICAL | exploitdb, github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 330 |
| CVE-2024-48841 | FLXEON Exploit | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 330 |
| CVE-2025-23922 | Harsh iSpring Embedder CSRF | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 341 |
| CVE-2024-56064 | Azzaro WP SuperBackup Unrestricted File Upload | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 357 |
| CVE-2024-48840 | Unauthorized Access vulnerabilities allow Remote Code Exe... | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 383 |
| CVE-2024-51550 | Data Validation / Data Sanitization vulnerabilities in L... | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 383 |
| CVE-2024-48839 | Improper Input Validation vulnerability allows Remote Cod... | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 383 |
| CVE-2024-52375 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 404 |
| CVE-2024-52380 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 404 |
| CVE-2024-51793 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 407 |
| CVE-2024-51788 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 407 |
| CVE-2024-50510 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 419 |
| CVE-2024-50493 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 420 |
| CVE-2024-50473 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 420 |
| CVE-2024-50482 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 420 |
| CVE-2024-49668 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 426 |
| CVE-2024-49607 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 429 |
| CVE-2024-45519 | The postjournal service in Zimbra Collaboration (ZCS) bef... | CRITICAL | github_poc, cisa_kev | Nuclei, Sigma, Snort/Suricata +3 more | 447 |
| CVE-2024-43918 | Improper Neutralization of Special Elements used in an SQ... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 481 |
| CVE-2024-6298 | Unauthorized file access in WEB Server in ABB ASPECT - En... | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 536 |
| CVE-2024-6209 | Unauthorized file access in WEB Server in ABB ASPECT - En... | CRITICAL | exploitdb | Nuclei, Sigma, Snort/Suricata +3 more | 536 |
| CVE-2024-38366 | trunk.cocoapods.org is the authentication server for the ... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 540 |
| CVE-2023-50029 | PHP Injection vulnerability in the module "M4 PDF Extensi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 547 |
| CVE-2024-3605 | The WP Hotel Booking plugin for WordPress is vulnerable t... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 551 |
| CVE-2024-31351 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 585 |
| CVE-2024-32700 | Unrestricted Upload of File with Dangerous Type vulnerabi... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 588 |
| CVE-2024-24576 | Rust is a programming language. The Rust Security Respons... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 623 |
| CVE-2024-3094 | Malicious code was discovered in the upstream tarballs of... | CRITICAL | github_poc | Nuclei, Sigma, Snort/Suricata +3 more | 634 |
Security tool maintainers: these CVEs have exploits but no detection rules for your tool. Help the community by submitting detection rules.
| Tool | Missing Rules | Repository | Contribute |
|---|---|---|---|
| Nuclei | 814 | Repository | Submit Rule |
| Sigma | 814 | Repository | Submit Rule |
| Snort/Suricata | 814 | Repository | Submit Rule |
| YARA | 814 | Repository | Submit Rule |
| Semgrep | 814 | Repository | Submit Rule |
| OSV.dev | 814 | Repository | Submit Rule |
Programmatic access to detection gaps data. Use these endpoints to integrate gap reports into your security workflows or build automated alerting.
| Endpoint | Description |
|---|---|
/api/gaps |
All CRITICAL_GAP CVEs with stats. Supports ?tool= and ?severity= filters. |
/api/gaps/nuclei |
CVEs missing Nuclei templates |
/api/gaps/sigma |
CVEs missing Sigma rules |
/api/gaps/yara |
CVEs missing YARA rules |
/api/gaps/snort |
CVEs missing Snort/Suricata rules |
/api/gaps/semgrep |
CVEs missing Semgrep rules |
Example: curl https://wtfisthiscve.com/api/gaps?tool=nuclei&severity=CRITICAL