CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked 53,219 with exploits 4,686 exploited in wild 1,539 CISA KEV 3,912 Nuclei templates 37,757 vendors 42,422 researchers

765 results Clear all

CVE-2002-1800 7.5 HIGH EPSS 0.00

Phprank - Cleartext Storage

phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

CWE-312 Dec 31, 2002

CVE-2002-1696 5.5 MEDIUM EPSS 0.00

PGP Personal Privacy - Cleartext Storage

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.

CWE-312 Dec 31, 2002

CVE-2001-1537 7.5 HIGH EPSS 0.00

TWIG webmail <2.7.4 - Info Disclosure

The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

CWE-312 Dec 31, 2001

CVE-2001-1536 7.5 HIGH EPSS 0.01

Autogalaxy - Info Disclosure

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.

CWE-312 Dec 31, 2001

CVE-2001-1481 9.8 CRITICAL EPSS 0.02

Xitami <2.6 - Info Disclosure

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

CWE-312 Dec 31, 2001