CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked; 53,243 with exploits; 4,725 exploited in wild; 1,540 CISA KEV; 3,925 Nuclei templates; 37,802 vendors; 42,500 researchers
256 results
CVE-2025-24567 6.5 MEDIUM EPSS 0.00
WP Mailster <1.8.16.0 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.
CWE-201 Feb 14, 2025
CVE-2025-24639 6.5 MEDIUM EPSS 0.00
GREYS Korea for WooCommerce <1.1.11 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11.
CWE-201 Feb 03, 2025
CVE-2025-24597 6.5 MEDIUM EPSS 0.00
UkrSolution Barcode Generator for WooCommerce <2.0.2 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in UkrSolution Barcode Generator for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.2.
CWE-201 Jan 31, 2025
CVE-2025-24858 EPSS 0.00
Develocity <2024.3.1 - Info Disclosure
Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password.
CWE-201 Jan 26, 2025
CVE-2023-38013 5.3 MEDIUM EPSS 0.00
IBM Cloud Pak System <2.3.3.7 - Info Disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information in HTTP responses that could aid in further attacks against the system.
CWE-201 Jan 25, 2025
CVE-2025-24582 5.3 MEDIUM NUCLEI EPSS 0.05
Code for Recovery <3.16.5 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Code for Recovery 12 Step Meeting List allows Retrieve Embedded Sensitive Data. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
CWE-201 Jan 24, 2025
CVE-2025-23781 7.5 HIGH EPSS 0.00
WM Options Import Export <1.0.1 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WM Options Import Export allows Retrieve Embedded Sensitive Data. This issue affects WM Options Import Export: from n/a through 1.0.1.
CWE-201 Jan 22, 2025
CVE-2025-23774 7.5 HIGH EPSS 0.00
NotFound WPDB to Sql <1.2 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in NotFound WPDB to Sql allows Retrieve Embedded Sensitive Data. This issue affects WPDB to Sql: from n/a through 1.2.
CWE-201 Jan 22, 2025
CVE-2024-45653 4.3 MEDIUM EPSS 0.00
IBM Sterling Connect:Direct Web Services <6.4 - Info Disclosure
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system.
CWE-201 Jan 19, 2025
CVE-2024-50633 NONE 1 PoC Analysis EPSS 0.09
Indico <3.3.5 - Info Disclosure
A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).
CWE-201 Jan 16, 2025
CVE-2024-46665 3.7 LOW EPSS 0.00
FortiOS <7.6.0 - Info Disclosure
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.
CWE-201 Jan 14, 2025
CVE-2024-13276 7.5 HIGH EPSS 0.00
Drupal File Entity <7.X-2.39 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing. This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.
CWE-201 Jan 09, 2025
CVE-2024-13269 5.3 MEDIUM EPSS 0.00
Drupal Advanced Varnish <4.0.11 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11.
CWE-201 Jan 09, 2025
CVE-2024-13259 7.5 HIGH EPSS 0.00
Drupal Image Sizes <3.0.2 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2.
CWE-201 Jan 09, 2025
CVE-2024-13254 7.5 HIGH EPSS 0.00
Drupal REST Views <3.0.1 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1.
CWE-201 Jan 09, 2025
CVE-2025-22303 5.3 MEDIUM EPSS 0.00
WP Mailster <1.8.17.0 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.17.0.
CWE-201 Jan 07, 2025
CVE-2024-56300 7.5 HIGH EPSS 0.01
WPSpins Post/Page Copying Tool <2.0.0 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in WPSpins Post/Page Copying Tool allows Retrieve Embedded Sensitive Data. This issue affects Post/Page Copying Tool: from n/a through 2.0.0.
CWE-201 Jan 07, 2025
CVE-2024-8429 4.3 MEDIUM EPSS 0.00
WiFiBurada <1.0.5 - Auth Bypass
Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials. This issue affects WiFiBurada: before 1.0.5.
CWE-201 Dec 17, 2024
CVE-2024-54309 6.5 MEDIUM EPSS 0.01
wpdebuglog PostBox <1.0.4 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data. This issue affects PostBox: from n/a through 1.0.4.
CWE-201 Dec 13, 2024
CVE-2024-53804 7.5 HIGH EPSS 0.00
WP Mailster <1.8.16.0 - Info Disclosure
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.
CWE-201 Dec 06, 2024