CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,274 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,563 researchers
1,560 results Clear all
CVE-2022-40281 7.5 HIGH 1 Writeup EPSS 0.00
Samsung Tizenrt - Memory Leak
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
CWE-401 Sep 08, 2022
CVE-2022-22067 7.5 HIGH EPSS 0.00
Snapdragon Auto-Compute-Mobile - Memory Corruption
Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE-401 Sep 02, 2022
CVE-2021-3574 3.3 LOW 2 Writeups EPSS 0.00
ImageMagick-7.0.11-5 - Memory Corruption
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CWE-401 Aug 26, 2022
CVE-2021-42523 7.5 HIGH EPSS 0.00
Colord - Information Disclosure
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.
CWE-401 Aug 25, 2022
CVE-2021-42522 7.5 HIGH EPSS 0.00
Gnome Anjuta - Information Disclosure
There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.
CWE-401 Aug 25, 2022
CVE-2021-4213 7.5 HIGH 1 Writeup EPSS 0.00
JSS - Memory Corruption
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
CWE-401 Aug 24, 2022
CVE-2021-3905 7.5 HIGH 1 Writeup EPSS 0.00
Openvswitch < 2.17.0 - Memory Leak
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
CWE-401 Aug 23, 2022
CVE-2021-3764 5.5 MEDIUM 1 Writeup EPSS 0.00
Linux Kernel - DoS
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CWE-401 Aug 23, 2022
CVE-2021-3736 5.5 MEDIUM 1 Writeup EPSS 0.00
Linux kernel - Info Disclosure
A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.
CWE-401 Aug 23, 2022
CVE-2021-3690 7.5 HIGH EPSS 0.00
Redhat Fuse < 2.0.40 - Memory Leak
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
CWE-401 Aug 23, 2022
CVE-2022-36152 5.5 MEDIUM EPSS 0.00
tifig <0.2.2 - Memory Corruption
tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
CWE-401 Aug 16, 2022
CVE-2022-35433 6.5 MEDIUM EPSS 0.00
Ffjpeg < 2021-12-16 - Memory Leak
ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.
CWE-401 Aug 16, 2022
CVE-2022-35110 5.5 MEDIUM EPSS 0.00
Swftools - Memory Leak
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CWE-401 Aug 16, 2022
CVE-2021-33646 7.5 HIGH EPSS 0.00
libtar - Memory Leak
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
CWE-401 Aug 10, 2022
CVE-2021-33645 7.5 HIGH EPSS 0.00
libtar - Memory Leak
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CWE-401 Aug 10, 2022
CVE-2022-1012 8.2 HIGH 1 PoC EPSS 0.00
Linux Kernel < 5.18 - Memory Leak
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
CWE-401 Aug 05, 2022
CVE-2022-35858 7.8 HIGH 1 Writeup EPSS 0.00
Samsung mTower 0.3.0 - Memory Corruption
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.
CWE-401 Aug 04, 2022
CVE-2022-1651 7.1 HIGH EPSS 0.00
Linux Kernel < 5.15.33 - Memory Leak
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.
CWE-401 Jul 26, 2022
CVE-2021-33452 5.5 MEDIUM EPSS 0.00
NASM <2.16rc0 - Memory Corruption
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CWE-401 Jul 26, 2022
CVE-2021-33451 5.5 MEDIUM EPSS 0.00
lrzip <0.641 - Memory Corruption
An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.
CWE-401 Jul 26, 2022

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF