CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers

1,290 results
CVE-2023-28087 5.5 MEDIUM EPSS 0.00
HP Oneview < 6.60.04 - Insufficiently Protected Credentials
An HPE OneView appliance dump may expose OneView user accounts
CWE-522 Apr 25, 2023
CVE-2023-28086 5.5 MEDIUM EPSS 0.00
HP Oneview < 6.60.04 - Insufficiently Protected Credentials
An HPE OneView appliance dump may expose proxy credential settings
CWE-522 Apr 25, 2023
CVE-2023-30776 4.9 MEDIUM EPSS 0.00
Apache Superset < 2.0.1 - Insufficiently Protected Credentials
An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
CWE-522 Apr 24, 2023
CVE-2023-28131 9.6 CRITICAL EPSS 0.01
Expo Software Development Kit - Insufficiently Protected Credentials
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).
CWE-522 Apr 24, 2023
CVE-2021-33589 7.5 HIGH EPSS 0.00
Ribose RNP <0.15.1 - Info Disclosure
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.
CWE-522 Apr 21, 2023
CVE-2023-25760 8.8 HIGH EPSS 0.00
Uniguest Tripleplay - Insufficiently Protected Credentials
Incorrect Access Control in Tripleplay Platform releases prior to Caveman 3.4.0 allows an authenticated user to modify other users' passwords via a crafted request payload.
CWE-522 Apr 19, 2023
CVE-2022-4308 6.1 MEDIUM EPSS 0.00
Secomea GateManager - Info Disclosure
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
CWE-522 Apr 19, 2023
CVE-2023-25413 7.5 HIGH EPSS 0.00
Aten Pe8108 Firmware - Insufficiently Protected Credentials
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials.
CWE-522 Apr 11, 2023
CVE-2023-25407 7.2 HIGH EPSS 0.00
Aten Pe8108 Firmware - Insufficiently Protected Credentials
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.
CWE-522 Apr 11, 2023
CVE-2023-1574 6.5 MEDIUM EPSS 0.00
Devolutions Remote Desktop Manager <2023.1.9 - Info Disclosure
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
CWE-522 Apr 02, 2023
CVE-2022-48433 6.1 MEDIUM EPSS 0.00
Jetbrains Intellij Idea - Insufficiently Protected Credentials
In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.
CWE-522 Mar 29, 2023
CVE-2023-1518 7.8 HIGH EPSS 0.00
CP Plus KVMS Pro <2.01.0.T.190521 - Info Disclosure
CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.
CWE-522 Mar 28, 2023
CVE-2023-1137 6.5 MEDIUM EPSS 0.00
Deltaww Infrasuite Device Master - Insufficiently Protected Credent...
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.
CWE-522 Mar 27, 2023
CVE-2023-25686 6.2 MEDIUM EPSS 0.00
IBM Security Key Lifecycle Manager - Insufficiently Protected Crede...
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601.
CWE-522 Mar 21, 2023
CVE-2023-0457 7.5 HIGH EPSS 0.02
Mitsubishi Electric Corporation MELSEC - Info Disclosure
Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker to disclose plaintext credentials stored in project files and login into FTP server or Web server.
CWE-522 Mar 03, 2023
CVE-2022-45599 9.8 CRITICAL 1 PoC Analysis EPSS 0.01
Aztech Wmb250ac Firmware - Insufficiently Protected Credentials
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given account's hashed password.
CWE-522 Feb 22, 2023
CVE-2022-41614 5.5 MEDIUM EPSS 0.00
Intel(R) ON Event Series <2.0 - Info Disclosure
Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.
CWE-522 Feb 16, 2023
CVE-2022-40678 7.4 HIGH EPSS 0.00
Fortinet Fortinac < 8.5.4 - Insufficiently Protected Credentials
An insufficiently protected credentials vulnerability in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.
CWE-522 Feb 16, 2023
CVE-2022-43969 9.1 CRITICAL EPSS 0.00
Ricoh mp_c4504ex <1.06 - Info Disclosure
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.
CWE-522 Feb 16, 2023
CVE-2023-24498 7.5 HIGH EPSS 0.00
Unspecified Web Server - Info Disclosure
An unspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.
CWE-522 Feb 15, 2023