CVE & Exploit Intelligence Database

Updated 6h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,555 researchers
1,290 results
CVE-2019-9533 9.8 CRITICAL EPSS 0.01
Cobham EXPLORER 710 - Info Disclosure
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device.
CWE-522 Oct 10, 2019
CVE-2019-0072 5.6 MEDIUM EPSS 0.00
Juniper Networks SBR <8.4.1R13, <8.5.0R4 - Info Disclosure
An Unprotected Storage of Credentials vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. This issue affects: Juniper Networks SBR Carrier: 8.4.1 versions prior to 8.4.1R13; 8.5.0 versions prior to 8.5.0R4.
CWE-522 Oct 09, 2019
CVE-2019-10429 5.5 MEDIUM EPSS 0.00
Jenkins Gitlab Logo < 1.0.3 - Insufficiently Protected Credentials
Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10426 5.5 MEDIUM EPSS 0.00
Jenkins Gem Publisher < 1.0 - Insufficiently Protected Credentials
Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10425 6.5 MEDIUM EPSS 0.00
Jenkins Google Calendar < 0.4 - Insufficiently Protected Credentials
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10424 5.5 MEDIUM EPSS 0.00
Jenkins Eloyente < 1.3 - Insufficiently Protected Credentials
Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10423 5.5 MEDIUM EPSS 0.00
Jenkins Codescan < 0.11 - Insufficiently Protected Credentials
Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10422 6.5 MEDIUM EPSS 0.00
Jenkins Call Remote Job - Insufficiently Protected Credentials
Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10421 4.3 MEDIUM EPSS 0.00
Jenkins Azure Event Grid Notifier < 0.1 - Insufficiently Protected Credentials
Jenkins Azure Event Grid Build Notifier Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10420 5.5 MEDIUM EPSS 0.00
Jenkins Assembla < 1.4 - Insufficiently Protected Credentials
Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10419 5.5 MEDIUM EPSS 0.00
Jenkins Vfabric Application Director < 1.3 - Insufficiently Protected Credentials
Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10416 6.5 MEDIUM EPSS 0.00
Jenkins Violation Comments to GitLab < 2.28 - Insufficiently Protected Credentials
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10415 6.5 MEDIUM EPSS 0.00
Jenkins Violation Comments to GitLab < 2.28 - Insufficiently Protected Credentials
Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10414 6.5 MEDIUM EPSS 0.00
Jenkins Git Changelog < 2.17 - Insufficiently Protected Credentials
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-10413 6.5 MEDIUM EPSS 0.00
Jenkins Data Theorem Mobile App Security < 1.3 - Insufficiently Protected Credentials
Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.
CWE-522 Sep 25, 2019
CVE-2019-5505 9.8 CRITICAL EPSS 0.00
Netapp Ontap Select Deploy Administra... - Cleartext Transmission
ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.
CWE-319 Sep 24, 2019
CVE-2019-15635 4.9 MEDIUM EPSS 0.00
Grafana - Cleartext Transmission
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana (e.g., MySQL) are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, the password for the data source is revealed and sent to the server. From a browser, a prompt to save the credentials is generated, and the password can be revealed by simply checking the "Show password" box.
CWE-319 Sep 23, 2019
CVE-2019-16649 10.0 CRITICAL 1 Writeup EPSS 0.00
Supermicro - Privilege Escalation
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC.
CWE-522 Sep 21, 2019
CVE-2019-11664 6.5 MEDIUM EPSS 0.00
Micro Focus Service Manager <9.63 - Info Disclosure
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
CWE-522 Sep 18, 2019
CVE-2019-11663 6.5 MEDIUM EPSS 0.00
Micro Focus Service Manager <9.62 - Info Disclosure
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
CWE-522 Sep 18, 2019