CVE & Exploit Intelligence Database

Updated 37m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,280 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,569 researchers
1,099 results Clear all
CVE-2023-40596 7.0 HIGH EPSS 0.00
Splunk Enterprise <8.2.12-9.1.1 - Privilege Escalation
In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. An attacker can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.
CWE-665 Aug 30, 2023
CVE-2023-3252 6.8 MEDIUM EPSS 0.00
Tenable Nessus < 10.6.0 - Uncontrolled Search Path
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition.
CWE-427 Aug 29, 2023
CVE-2023-40352 7.2 HIGH EPSS 0.00
Mcafee Safe Connect < 2.16.1.126 - Uncontrolled Search Path
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
CWE-427 Aug 21, 2023
CVE-2023-3078 7.8 HIGH EPSS 0.00
Lenovo UDC - Privilege Escalation
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CWE-427 Aug 17, 2023
CVE-2022-4894 7.3 HIGH EPSS 0.00
HP and Samsung Printers - Privilege Escalation
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.
CWE-427 Aug 16, 2023
CVE-2023-34355 6.7 MEDIUM EPSS 0.00
Intel Integrated Bmc Video Driver < 1.13.4 - Uncontrolled Search Path
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-29151 6.7 MEDIUM EPSS 0.00
Intel(R) PSR SDK <1.0.0.20 - Privilege Escalation
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-28823 6.7 MEDIUM EPSS 0.00
Intel oneAPI Toolkit <4.3.1.493 - Privilege Escalation
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-28405 6.7 MEDIUM EPSS 0.00
Intel Openvino < 2022.3.0 - Uncontrolled Search Path
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-28380 8.8 HIGH EPSS 0.00
Intel AI Hackathon < 2.0.0 - Uncontrolled Search Path
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CWE-427 Aug 11, 2023
CVE-2023-25944 6.7 MEDIUM EPSS 0.00
Intel Vcust Tool < 2023-02-03 - Uncontrolled Search Path
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-25182 4.2 MEDIUM EPSS 0.00
Intel Unite < 4.2.11 - Uncontrolled Search Path
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-24016 6.7 MEDIUM EPSS 0.00
Intel(R) Quartus(R) Prime - Privilege Escalation
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-23577 6.7 MEDIUM EPSS 0.00
Intel Ite Tech Consumer Infrared Driver - Uncontrolled Search Path
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2023-22841 6.7 MEDIUM EPSS 0.00
Intel Server Firmware Update Utility - Uncontrolled Search Path
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-428 Aug 11, 2023
CVE-2022-43456 6.7 MEDIUM EPSS 0.00
Intel(R) RST <16.8.5.1014.5-19.5.2.1049.5 - Privilege Escalation
Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2022-25864 6.7 MEDIUM EPSS 0.00
Intel Oneapi Math Kernel Library < 2022.0 - Uncontrolled Search Path
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CWE-427 Aug 11, 2023
CVE-2022-47636 7.8 HIGH 1 PoC Analysis EPSS 0.00
Outsystems Service Studio - Uncontrolled Search Path
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
CWE-427 Aug 10, 2023
CVE-2023-36344 7.8 HIGH EPSS 0.00
Diebold Nixdorf Vynamic View Console <5.3.1 - Code Injection
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
CWE-427 Aug 08, 2023
CVE-2021-41544 7.8 HIGH EPSS 0.00
Siemens Software Center < 3.0 - Uncontrolled Search Path
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
CWE-427 Aug 08, 2023

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF