CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,274 with exploits; 4,730 exploited in the wild; 1,542 in CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,555 researchers
688 results
CVE-2022-23163 4.7 MEDIUM EPSS 0.00
Dell Emc Powerscale Onefs < 9.3.0 - Exposure to Wrong Actor
Dell PowerScale OneFS 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability.
CWE-379 Apr 12, 2022
CVE-2021-42255 7.8 HIGH 1 Writeup EPSS 0.00
Blueplanet-works Appguard < 6.7.100.1 - Exposure to Wrong Actor
AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissions. Local users can gain SYSTEM privileges because a repair operation relies on the %TEMP% directory of an unprivileged user.
CWE-668 Apr 12, 2022
CVE-2022-27822 6.6 MEDIUM EPSS 0.00
Google Android - Improper Access Control
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
CWE-284 Apr 11, 2022
CVE-2022-27576 3.3 LOW EPSS 0.00
Google Android - Information Disclosure
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to information about the currently launched foreground app without permission.
CWE-200 Apr 11, 2022
CVE-2022-22515 8.1 HIGH EPSS 0.00
CODESYS Control - Code Injection
A remote, authenticated attacker could use the control program of the CODESYS Control runtime system to exploit the vulnerability and read and modify the configuration file(s) of the affected products.
CWE-668 Apr 07, 2022
CVE-2022-27818 9.1 CRITICAL 1 Writeup EPSS 0.00
Waycrate Swhkd < 1.2.0 - Exposure to Wrong Actor
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
CWE-668 Apr 07, 2022
CVE-2022-26850 4.3 MEDIUM EPSS 0.02
Apache NiFi <1.16.0 - Info Disclosure
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.
CWE-668 Apr 06, 2022
CVE-2022-21947 8.3 HIGH EPSS 0.00
SUSE Rancher Desktop <V. - Info Disclosure
An Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
CWE-668 Apr 01, 2022
CVE-2022-27772 7.8 HIGH 1 PoC Analysis EPSS 0.01
Vmware Spring Boot < 2.2.11 - Exposure to Wrong Actor
spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CWE-668 Mar 30, 2022
CVE-2021-39777 5.5 MEDIUM EPSS 0.00
Google Android - Exposure to Wrong Actor
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-194743207.
CWE-668 Mar 30, 2022
CVE-2021-22572 5.5 MEDIUM EPSS 0.00
File.createTempFile - Info Disclosure
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world-readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
CWE-377 Mar 29, 2022
CVE-2022-28160 6.5 MEDIUM EPSS 0.01
Jenkins Tests Selector < 1.3.3 - Exposure to Wrong Actor
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller.
CWE-668 Mar 29, 2022
CVE-2022-0315 7.5 HIGH 1 Writeup EPSS 0.00
horovod <0.24.0 - Info Disclosure
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
CWE-377 Mar 24, 2022
CVE-2022-25041 4.3 MEDIUM EPSS 0.00
Open-emr Openemr - Exposure to Wrong Actor
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
CWE-668 Mar 23, 2022
CVE-2021-4180 4.3 MEDIUM EPSS 0.00
Openstack Tripleo Heat Templates < 11.6.1 - Information Disclosure
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
CWE-200 Mar 23, 2022
CVE-2021-27424 5.3 MEDIUM EPSS 0.00
GE UR <8.1x - Info Disclosure
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a "Last-key pressed" MODBUS register can be used to gain unauthorized information.
CWE-200 Mar 23, 2022
CVE-2022-21718 3.4 LOW EPSS 0.01
Electron < 13.6.6 - Missing Authorization
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
CWE-862 Mar 22, 2022
CVE-2022-25481 7.5 HIGH 1 Writeup NUCLEI EPSS 0.10
Thinkphp - Improper Access Control
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode.
CWE-284 Mar 21, 2022
CVE-2022-24074 9.8 CRITICAL EPSS 0.01
Whale Browser <3.12.129.18 - RCE
Whale Bridge, a default extension in Whale browser before 3.12.129.18, accepted any SendMessage request from the content script itself, which could lead to control of Whale Bridge if the rendering process is compromised.
CWE-668 Mar 17, 2022
CVE-2020-4989 4.3 MEDIUM EPSS 0.00
IBM Rational Team Concert - Exposure to Wrong Actor
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
CWE-668 Mar 15, 2022