CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
67 results
CVE-2024-50563 7.3 HIGH EPSS 0.00
Fortinet FortiManager/FortiAnalyzer <7.6.1/7.4.3 - RCE
Weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.
CWE-1390 Jan 16, 2025
CVE-2024-48886 9.0 CRITICAL EPSS 0.00
Fortinet FortiOS <7.4.15 - RCE
Weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.
CWE-1390 Jan 14, 2025
CVE-2024-13239 9.8 CRITICAL EPSS 0.00
Drupal TFA <1.5.0 - Auth Bypass
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
CWE-1390 Jan 09, 2025
CVE-2024-47397 7.5 HIGH EPSS 0.00
AE1021 <2.0.10 - Auth Bypass
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string.
CWE-1390 Dec 18, 2024
CVE-2023-41862 5.3 MEDIUM EPSS 0.00
Guido VS Contact Form <14.0 - Auth Bypass
Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0.
CWE-1390 Dec 13, 2024
CVE-2024-49019 7.8 HIGH 1 PoC Analysis EPSS 0.06
Active Directory Certificate Services - Privilege Escalation
Active Directory Certificate Services Elevation of Privilege Vulnerability
CWE-1390 Nov 12, 2024
CVE-2024-45367 9.1 CRITICAL EPSS 0.00
ONS-S8 - Spectra Aggregation Switch - Auth Bypass
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.
CWE-1390 Oct 03, 2024
CVE-2024-47127 6.5 MEDIUM EPSS 0.00
goTenna Pro App - Code Injection
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to share encryption keys via QR scanning for higher security operations and update your app to the current release for enhanced encryption protocols.
CWE-1390 Sep 26, 2024
CVE-2024-41722 6.5 MEDIUM EPSS 0.00
goTenna Pro ATAK Plugin - Code Injection
In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to use encryption shared with local QR code for higher security operations.
CWE-1390 Sep 26, 2024
CVE-2024-8322 4.3 MEDIUM EPSS 0.02
Ivanti EPM <2022 SU6-2024 September - Auth Bypass
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
CWE-1390 Sep 10, 2024
CVE-2024-38239 7.2 HIGH EPSS 0.04
Windows Kerberos - Privilege Escalation
Windows Kerberos Elevation of Privilege Vulnerability
CWE-1390 Sep 10, 2024
CVE-2024-38182 9.0 CRITICAL EPSS 0.02
Microsoft Dynamics 365 - Privilege Escalation
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
CWE-1390 Jul 31, 2024
CVE-2024-6580 6.5 MEDIUM EPSS 0.00
IPWorks SSH <24.0.8945 - Path Traversal
The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading an SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.
CWE-1390 Jul 08, 2024
CVE-2024-39848 9.1 CRITICAL EPSS 0.00
Internet2 Grouper <5.6 - Auth Bypass
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.
CWE-1390 Jun 29, 2024
CVE-2024-29038 4.3 MEDIUM EPSS 0.00
tpm2-tools - Info Disclosure
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.
CWE-1390 Jun 28, 2024
CVE-2024-34451 9.1 CRITICAL EPSS 0.01
Ghost <5.85.1 - Auth Bypass
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
CWE-1390 Jun 16, 2024
CVE-2024-5891 4.2 MEDIUM EPSS 0.00
Quay - Auth Bypass
A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to.
CWE-1390 Jun 12, 2024
CVE-2024-35248 7.3 HIGH EPSS 0.02
Microsoft Dynamics 365 Business Central - Authentication Bypass
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CWE-1390 Jun 11, 2024
CVE-2024-36787 8.8 HIGH EPSS 0.00
Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 - Auth Bypass
An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.
CWE-1390 Jun 07, 2024
CVE-2024-29837 8.8 HIGH EPSS 0.00
Evolution Controller <2.04.560.31.03.2024 - Info Disclosure
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in.
CWE-284 Apr 15, 2024