CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked; 53,219 with exploits; 4,686 exploited in wild; 1,539 CISA KEV; 3,912 Nuclei templates; 37,757 vendors; 42,422 researchers
412 results
CVE-2019-5432 7.5 HIGH EPSS 0.01
mqtt-packet <3.5.1-6.1.2 - Buffer Overflow
A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.
CWE-125 May 06, 2019
CVE-2019-11036 9.1 CRITICAL EPSS 0.02
Php < 7.1.29 - Buffer Over-read
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CWE-125 May 03, 2019
CVE-2019-3563 9.8 CRITICAL 1 Writeup EPSS 0.00
Facebook Wangle < 2019.04.22.00 - Out-of-Bounds Write
Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00.
CWE-126 Apr 29, 2019
CVE-2018-8799 7.5 HIGH 1 Writeup EPSS 0.01
rdesktop <1.8.3 - DoS
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault).
CWE-125 Feb 05, 2019
CVE-2018-8798 7.5 HIGH 1 Writeup EPSS 0.01
rdesktop <1.8.3 - Info Disclosure
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.
CWE-125 Feb 05, 2019
CVE-2018-8796 7.5 HIGH 1 Writeup EPSS 0.01
rdesktop <1.8.3 - DoS
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).
CWE-125 Feb 05, 2019
CVE-2018-8792 7.5 HIGH 1 Writeup EPSS 0.01
rdesktop <1.8.3 - DoS
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).
CWE-125 Feb 05, 2019
CVE-2018-8791 7.5 HIGH 1 Writeup EPSS 0.01
rdesktop <1.8.3 - Info Disclosure
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.
CWE-125 Feb 05, 2019
CVE-2018-8789 7.5 HIGH 1 Writeup EPSS 0.02
FreeRDP <2.0.0-rc4 - DoS
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).
CWE-125 Nov 29, 2018
CVE-2018-14790 9.8 CRITICAL EPSS 0.03
Fuji Electric FRENIC LOADER v3.3-7.3.4.1a - RCE
Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
CWE-125 Oct 01, 2018
CVE-2017-7679 9.8 CRITICAL 4 PoCs Analysis EPSS 0.41
Apache httpd <2.2.33, <2.4.26 - Buffer Overflow
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CWE-119 Jun 20, 2017
CVE-2017-7668 7.5 HIGH EXPLOITED EPSS 0.66
Apache httpd <2.4.24 - DoS
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
CWE-125 Jun 20, 2017