CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,274 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,555 researchers
719 results Clear all
CVE-2021-29940 9.8 CRITICAL EPSS 0.01
Through < 2021-02-18 - Double Free
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.
CWE-415 Apr 01, 2021
CVE-2021-29938 7.5 HIGH EPSS 0.00
Slice-deque < 2021-02-19 - Double Free
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.
CWE-415 Apr 01, 2021
CVE-2021-29933 7.5 HIGH EPSS 0.00
Insert Many < 2021-01-26 - Double Free
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
CWE-415 Apr 01, 2021
CVE-2021-29931 7.5 HIGH EPSS 0.00
Arenavec < 2021-01-12 - Double Free
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().
CWE-415 Apr 01, 2021
CVE-2021-29929 7.5 HIGH EPSS 0.00
Endian Trait < 2021-01-04 - Double Free
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.
CWE-415 Apr 01, 2021
CVE-2021-0397 9.8 CRITICAL 1 PoC Analysis EPSS 0.14
Android -11, 8.1, 9, 10 - RCE
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148
CWE-415 Mar 10, 2021
CVE-2021-0392 7.8 HIGH 1 PoC Analysis EPSS 0.00
Android - Memory Corruption
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730
CWE-415 Mar 10, 2021
CVE-2021-28041 7.1 HIGH 1 Writeup EPSS 0.00
ssh-agent <8.5 - Use After Free
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CWE-415 Mar 05, 2021
CVE-2021-28034 9.8 CRITICAL EPSS 0.00
stack_dst <0.6.1 - Memory Corruption
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.
CWE-415 Mar 05, 2021
CVE-2021-28031 9.8 CRITICAL EPSS 0.00
scratchpad <1.3.1 - Use After Free
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.
CWE-415 Mar 05, 2021
CVE-2021-28028 9.8 CRITICAL EPSS 0.00
toodee <0.3.0 - Memory Corruption
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.
CWE-415 Mar 05, 2021
CVE-2021-3403 7.8 HIGH EPSS 0.01
Ytnef - Use After Free
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CWE-415 Mar 04, 2021
CVE-2021-27645 2.5 LOW EPSS 0.00
GNU C Library <2.34 - Use After Free
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
CWE-415 Feb 24, 2021
CVE-2021-3407 5.5 MEDIUM EPSS 0.01
Artifex Mupdf - Double Free
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
CWE-415 Feb 23, 2021
CVE-2019-19005 7.8 HIGH 1 Writeup EPSS 0.00
Autotrace 0.31.1 - Use After Free
A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182.
CWE-415 Feb 11, 2021
CVE-2021-26954 5.3 MEDIUM EPSS 0.00
Qwutils < 0.3.1 - Double Free
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.
CWE-415 Feb 09, 2021
CVE-2021-22303 3.3 LOW EPSS 0.00
Huawei Taurus-al00a Firmware - Double Free
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.
CWE-415 Feb 06, 2021
CVE-2021-25908 7.5 HIGH EPSS 0.00
Fil-ocl < 0.19.4 - Double Free
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
CWE-415 Jan 26, 2021
CVE-2021-25907 9.8 CRITICAL EPSS 0.00
Containers < 0.9.11 - Double Free
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.
CWE-415 Jan 26, 2021
CVE-2020-36225 7.5 HIGH EPSS 0.01
Openldap < 2.4.57 - Double Free
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
CWE-415 Jan 26, 2021

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF