CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked | 53,243 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,925 Nuclei templates | 37,802 vendors | 42,500 researchers
370 results
CVE-2024-32116 5.1 MEDIUM EPSS 0.00
Fortinet Fortianalyzer < 7.2.6 - Path Traversal
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allow a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
CWE-22 Nov 12, 2024
CVE-2024-11067 7.5 HIGH EPSS 0.00
Dlink Dsl6740c Firmware - Path Traversal
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
CWE-23 Nov 11, 2024
CVE-2024-50453 7.5 HIGH EPSS 0.01
Webangon The Pack Elementor Addons < 2.1.0 - Path Traversal
Relative Path Traversal vulnerability in Webangon The Pack Elementor addons allows PHP Local File Inclusion. This issue affects The Pack Elementor addons: from n/a through 2.0.9.
CWE-22 Oct 28, 2024
CVE-2024-10200 7.5 HIGH EPSS 0.01
Administrative Management System - Path Traversal
Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server.
CWE-22 Oct 21, 2024
CVE-2024-49253 8.6 HIGH EPSS 0.00
James Park Analyse Uploads <0.5 - Path Traversal
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal. This issue affects Analyse Uploads: from n/a through 0.5.
CWE-23 Oct 16, 2024
CVE-2024-47637 8.8 HIGH EPSS 0.02
LiteSpeed Technologies LiteSpeed Cache <6.4.1 - Path Traversal
Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal. This issue affects LiteSpeed Cache: from n/a through 6.4.1.
CWE-22 Oct 16, 2024
CVE-2024-9983 7.5 HIGH EPSS 0.01
Enterprise Cloud Database - Info Disclosure
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CWE-22 Oct 15, 2024
CVE-2024-45731 8.0 HIGH EPSS 0.01
Splunk < 9.1.6 - Path Traversal
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
CWE-22 Oct 14, 2024
CVE-2024-9923 4.9 MEDIUM EPSS 0.00
Teamplus Team+ Pro < 14.0.0 - Path Traversal
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
CWE-23 Oct 14, 2024
CVE-2024-9922 7.5 HIGH EPSS 0.00
Teamplus Team+ Pro < 14.0.0 - Path Traversal
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CWE-23 Oct 14, 2024
CVE-2024-6985 4.4 MEDIUM EPSS 0.00
Lollms < 5.9.0 - Path Traversal
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
CWE-23 Oct 11, 2024
CVE-2024-43614 5.5 MEDIUM EPSS 0.00
Microsoft Defender For Endpoint < 101.24052.0002 - Path Traversal
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
CWE-23 Oct 08, 2024
CVE-2024-47949 4.9 MEDIUM EPSS 0.01
Jetbrains Teamcity < 2024.07.3 - Path Traversal
In JetBrains TeamCity before 2024.07.3, path traversal allowed a backup file to be written to an arbitrary location.
CWE-22 Oct 08, 2024
CVE-2024-47948 4.9 MEDIUM EPSS 0.00
Jetbrains Teamcity < 2024.07.3 - Path Traversal
In JetBrains TeamCity before 2024.07.3, path traversal leading to information disclosure was possible via server backups.
CWE-22 Oct 08, 2024
CVE-2024-47769 7.5 HIGH 1 Writeup EPSS 0.01
IDURAR - Path Traversal
IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send a URL-encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at the subpath location.
CWE-22 Oct 04, 2024
CVE-2024-20449 8.8 HIGH EPSS 0.10
Cisco Nexus Dashboard Fabric Controller - RCE
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device. This vulnerability is due to improper path validation. An attacker could exploit this vulnerability by using the Secure Copy Protocol (SCP) to upload malicious code to an affected device using path traversal techniques. A successful exploit could allow the attacker to execute arbitrary code in a specific container with the privileges of root.
CWE-22 Oct 02, 2024
CVE-2024-9405 5.3 MEDIUM EPSS 0.01
Pluck CMS <4.7.18 - Path Traversal
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.
CWE-23 Oct 01, 2024
CVE-2024-45816 6.5 MEDIUM EPSS 0.00
Linuxfoundation Backstage < 1.10.13 - Path Traversal
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage. This has been fixed in the 1.10.13 release of the `@backstage/plugin-techdocs-backend` package. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CWE-22 Sep 17, 2024
CVE-2024-43454 7.1 HIGH EPSS 0.29
Microsoft Windows Server 2008 < 10.0.14393.7336 - Path Traversal
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CWE-23 Sep 10, 2024
CVE-2024-38258 6.5 MEDIUM EPSS 0.01
Windows Remote Desktop < - Info Disclosure
Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
CWE-23 Sep 10, 2024