CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,271 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,547 researchers
1,290 results
CVE-2025-25650 9.1 CRITICAL 1 PoC Analysis EPSS 0.00
Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 - Info Disclosure
An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.
CWE-522 Mar 17, 2025
CVE-2025-2277 7.5 HIGH EPSS 0.00
Devolutions Server < 2025.1.3.0 - Information Disclosure
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking.
CWE-522 Mar 13, 2025
CVE-2025-27926 4.3 MEDIUM EPSS 0.00
Nintex Automation < 5.8 - Insufficiently Protected Credentials
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CWE-522 Mar 10, 2025
CVE-2024-47109 5.3 MEDIUM EPSS 0.00
IBM Sterling File Gateway <6.2.0.3 - Info Disclosure
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclose the installation path of the server, which could aid in further attacks against the system.
CWE-522 Mar 10, 2025
CVE-2025-1886 EPSS 0.00
Sage 200 Spain <2025.35.000 - Info Disclosure
Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
CWE-522 Mar 07, 2025
CVE-2024-12799 EPSS 0.00
OpenText Identity Manager <4.8.7.0102, 4.9.0.0 - Privilege Escalation
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
CWE-522 Mar 05, 2025
CVE-2025-27650 9.8 CRITICAL EPSS 0.00
Printerlogic Vasion Print - Insufficiently Protected Credentials
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.
CWE-522 Mar 05, 2025
CVE-2025-27648 9.8 CRITICAL EPSS 0.00
Printerlogic Vasion Print - Insufficiently Protected Credentials
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003.
CWE-522 Mar 05, 2025
CVE-2024-41771 7.5 HIGH EPSS 0.00
IBM Engineering Requirements Manageme... - Insufficiently Protected Credentials
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CWE-522 Mar 03, 2025
CVE-2024-41770 7.5 HIGH EPSS 0.00
IBM Engineering Requirements Manageme... - Insufficiently Protected Credentials
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CWE-522 Mar 03, 2025
CVE-2024-44754 6.8 MEDIUM EPSS 0.00
Minut M2 #15142 - Code Injection
Cryptographic key extraction from internal flash in Minut M2 with firmware version #15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB.
CWE-522 Feb 28, 2025
CVE-2025-25570 9.8 CRITICAL 1 Writeup NUCLEI EPSS 0.46
Vue Vben Admin - Default Credentials
Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.
CWE-522 Feb 27, 2025
CVE-2024-38291 8.8 HIGH EPSS 0.00
XIQ-SE <24.2.11 - Privilege Escalation
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation.
CWE-284 Feb 27, 2025
CVE-2025-0760 2.7 LOW EPSS 0.00
Product <Version> - Info Disclosure
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.
CWE-522 Feb 26, 2025
CVE-2024-37362 6.3 MEDIUM EPSS 0.00
Hitachi Vantara Pentaho Data Integration & Analytics <10.2.0.0-9.3....
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. (CWE-522) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, disclose database passwords when saving connections to RedShift. Products must not disclose sensitive information without cause. Disclosure of sensitive information can lead to further exploitation.
CWE-522 Feb 20, 2025
CVE-2025-0867 9.9 CRITICAL EPSS 0.00
MEAC - Privilege Escalation
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
CWE-522 Feb 14, 2025
CVE-2025-26492 7.7 HIGH EPSS 0.00
Jetbrains Teamcity < 2024.12.2 - Insufficiently Protected Credentials
In JetBrains TeamCity before 2024.12.2, improper Kubernetes connection settings could expose sensitive resources.
CWE-522 Feb 11, 2025
CVE-2024-43779 7.7 HIGH EPSS 0.00
Clearml Enterprise Server - Information Disclosure
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
CWE-522 Feb 06, 2025
CVE-2025-0890 9.8 CRITICAL EXPLOITED EPSS 0.01
Zyxel Vmg4325-b10a Firmware - Authentication Bypass
**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
CWE-522 Feb 04, 2025
CVE-2024-12511 7.6 HIGH EPSS 0.00
SMB/Ftp - Info Disclosure
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
CWE-522 Feb 03, 2025