CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
2,156 results
CVE-2026-28789 7.5 HIGH 1 Writeup EPSS 0.00
OliveTin <3000.10.3 - DoS
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.
CWE-400 Mar 05, 2026
CVE-2026-28551 4.7 MEDIUM EPSS 0.00
Device Security Module - DoS
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-362 Mar 05, 2026
CVE-2026-28549 6.6 MEDIUM EPSS 0.00
Permission Management Service - DoS
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-362 Mar 05, 2026
CVE-2026-28550 4.0 MEDIUM EPSS 0.00
Security Control Module - DoS
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-840 Mar 05, 2026
CVE-2026-28545 5.9 MEDIUM EPSS 0.00
Printing Module - DoS
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-362 Mar 05, 2026
CVE-2026-28544 6.2 MEDIUM EPSS 0.00
Printing Module - DoS
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-362 Mar 05, 2026
CVE-2026-28543 4.4 MEDIUM EPSS 0.00
Maintenance and Diagnostics Module - DoS
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
CWE-362 Mar 05, 2026
CVE-2026-25674 3.7 LOW EPSS 0.00
Django 6.0-6.0.2,5.2-5.2.11,4.2-4.2.28 - Privilege Escalation
An issue was discovered in Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.
CWE-362 Mar 03, 2026
CVE-2025-48641 7.0 HIGH EPSS 0.00
Nfc.h - Use After Free
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE-362 Mar 02, 2026
CVE-2025-48577 7.4 HIGH EPSS 0.00
KeyguardViewMediator - Privilege Escalation
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE-362 Mar 02, 2026
CVE-2025-48568 7.4 HIGH EPSS 0.00
Android - Privilege Escalation
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE-362 Mar 02, 2026
CVE-2026-0995 3.6 LOW EPSS 0.00
Arm C1-Pro <r1p2-50eac0 - Memory Corruption
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
CWE-362 Mar 02, 2026
CVE-2026-2802 4.2 MEDIUM EPSS 0.00
Firefox <148 - Memory Corruption
Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CWE-362 Feb 24, 2026
CVE-2026-27189 6.6 MEDIUM EPSS 0.00
OpenSift <=1.1.2-alpha - Memory Corruption
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state across sessions/study/quiz/flashcard/wellness/auth stores. This issue has been fixed in version 1.1.3-alpha.
CWE-367 Feb 21, 2026
CVE-2026-26201 7.5 HIGH 1 Writeup EPSS 0.00
emp3r0r <3.21.2 - DoS
emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, the Go runtime can trigger `fatal error: concurrent map read and map write`, causing a C2 process crash (availability loss). Version 3.21.2 fixes this issue.
CWE-362 Feb 19, 2026
CVE-2026-20677 9.0 CRITICAL EPSS 0.00
macOS Tahoe <26.3 - Info Disclosure
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.
CWE-367 Feb 11, 2026
CVE-2026-20617 7.0 HIGH EPSS 0.00
Apple watchOS <26.3 - Privilege Escalation
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.
CWE-362 Feb 11, 2026
CVE-2026-2319 7.5 HIGH EPSS 0.00
Google Chrome <145.0.7632.45 - RCE
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
CWE-362 Feb 11, 2026
CVE-2025-69871 8.1 HIGH 1 Writeup EPSS 0.00
MedusaJS Medusa <2.12.2 - Info Disclosure
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage limits by sending concurrent checkout requests, resulting in unlimited redemptions of limited-use promotional codes and potential financial loss.
CWE-362 Feb 11, 2026
CVE-2026-21237 7.0 HIGH EPSS 0.00
Windows Subsystem for Linux - Privilege Escalation
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CWE-416 Feb 10, 2026