CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,271 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,547 researchers
160 results Clear all
CVE-2021-35134 8.4 HIGH EPSS 0.00
Snapdragon Connectivity/Snapdragon Industrial IOT/Snapdragon Mobile...
Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CWE-131 Sep 02, 2022
CVE-2022-2520 6.5 MEDIUM EPSS 0.00
libtiff 4.4.0rc1 - Memory Corruption
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CWE-131 Aug 31, 2022
CVE-2021-4155 5.5 MEDIUM EPSS 0.00
XFS - Info Disclosure
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
CWE-131 Aug 24, 2022
CVE-2022-2873 5.5 MEDIUM EPSS 0.00
Linux kernel Intel's iSMT SMBus host controller - Memory Corruption
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CWE-131 Aug 22, 2022
CVE-2021-38435 6.6 MEDIUM EPSS 0.00
RTI Connext DDS <6.1.0 - Buffer Overflow
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow.
CWE-131 May 05, 2022
CVE-2021-38423 6.6 MEDIUM EPSS 0.00
GurumDDS - Buffer Overflow
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.
CWE-131 May 05, 2022
CVE-2022-22137 6.5 MEDIUM EPSS 0.00
Accusoft ImageGear <19.10 - Memory Corruption
A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.
CWE-131 May 03, 2022
CVE-2021-4206 8.2 HIGH EPSS 0.00
QEMU - Buffer Overflow
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CWE-190 Apr 29, 2022
CVE-2021-44510 7.5 HIGH EPSS 0.00
FIS GT.M V7.0-000 - Memory Corruption
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application.
CWE-131 Apr 15, 2022
CVE-2021-40052 7.5 HIGH EPSS 0.00
Video Framework - Buffer Overflow
There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.
CWE-131 Mar 10, 2022
CVE-2021-40048 7.5 HIGH EPSS 0.00
Video Framework - Buffer Overflow
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
CWE-131 Mar 10, 2022
CVE-2021-40526 4.8 MEDIUM EPSS 0.01
Peleton TTR01 <PTV55G - DoS
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike
CWE-131 Oct 25, 2021
CVE-2020-36475 7.5 HIGH EPSS 0.01
ARM Mbed TLS < 2.7.18 - Denial of Service
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
CWE-131 Aug 23, 2021
CVE-2021-22415 7.5 HIGH EPSS 0.00
Huawei Smartphone - Buffer Overflow
There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause kernel exceptions with the code.
CWE-131 Aug 02, 2021
CVE-2021-22392 7.5 HIGH EPSS 0.00
Huawei Smartphone - Buffer Overflow
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
CWE-131 Aug 02, 2021
CVE-2021-22391 7.5 HIGH EPSS 0.00
Huawei Smartphone - Buffer Overflow
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CWE-131 Aug 02, 2021
CVE-2021-21793 8.8 HIGH EPSS 0.00
Accusoft Imagegear - Out-of-Bounds Write
An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CWE-131 Jul 08, 2021
CVE-2021-21824 9.8 CRITICAL EPSS 0.00
Accusoft Imagegear - Out-of-Bounds Write
An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CWE-131 Jun 11, 2021
CVE-2020-11240 7.8 HIGH EPSS 0.00
Snapdragon Auto - Memory Corruption
Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE-131 Jun 09, 2021
CVE-2021-3491 7.8 HIGH EPSS 0.00
Linux Kernel < 5.10.37 - Out-of-Bounds Write
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
CWE-131 Jun 04, 2021

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF