CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,278 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,568 researchers

688 results
CVE-2013-4374 7.1 HIGH EPSS 0.00
Redhat Rhq Mongo DB Drift Server - Exposure to Wrong Actor
An insecure temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
CWE-668 Nov 04, 2019
CVE-2013-4280 5.5 MEDIUM EPSS 0.00
Redhat Virtual Desktop Server Manager - Exposure to Wrong Actor
Insecure temporary file vulnerability in RedHat vsdm 4.9.6.
CWE-668 Nov 04, 2019
CVE-2005-2351 5.5 MEDIUM EPSS 0.00
Mutt < 1.5.20 - Exposure to Wrong Actor
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
CWE-668 Nov 01, 2019
CVE-2009-5042 9.1 CRITICAL EPSS 0.00
Python-docutils < 0.6 - Exposure to Wrong Actor
python-docutils allows insecure usage of temporary files.
CWE-668 Oct 31, 2019
CVE-2019-4306 6.5 MEDIUM EPSS 0.00
IBM Security Guardium Big Data Intelligence - Info Disclosure
IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986.
CWE-668 Oct 29, 2019
CVE-2019-13546 6.8 MEDIUM EPSS 0.00
IntelliSpace Perinatal K- - Privilege Escalation
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.
CWE-668 Oct 25, 2019
CVE-2019-12660 5.5 MEDIUM EPSS 0.00
Cisco Ios XE - Exposure to Wrong Actor
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to modify the configuration of the device to cause it to be non-secure and abnormally functioning.
CWE-668 Sep 25, 2019
CVE-2019-16518 4.3 MEDIUM 1 PoC Analysis EPSS 0.00
Swell Kit Mod - Info Disclosure
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.
CWE-668 Sep 23, 2019
CVE-2019-15138 7.5 HIGH EPSS 0.00
Html-pdf < 3.0.1 - Exposure to Wrong Actor
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CWE-668 Sep 20, 2019
CVE-2016-11010 5.3 MEDIUM EPSS 0.00
Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.
CWE-668 Sep 20, 2019
CVE-2016-11009 5.3 MEDIUM EPSS 0.00
Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.
CWE-668 Sep 20, 2019
CVE-2016-11008 5.3 MEDIUM EPSS 0.00
Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.
CWE-668 Sep 20, 2019
CVE-2016-11007 5.3 MEDIUM EPSS 0.00
Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.
CWE-668 Sep 20, 2019
CVE-2016-11006 5.3 MEDIUM EPSS 0.00
Usabilitydynamics Wp-invoice < 4.1.1 - Exposure to Wrong Actor
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.
CWE-668 Sep 20, 2019
CVE-2018-20947 5.5 MEDIUM EPSS 0.00
Cpanel < 62.0.39 - Exposure to Wrong Actor
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
CWE-668 Aug 01, 2019
CVE-2016-10840 8.8 HIGH EPSS 0.01
Cpanel < 11.48.5.2 - Exposure to Wrong Actor
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
CWE-668 Aug 01, 2019
CVE-2019-10365 4.3 MEDIUM EPSS 0.00
Google Kubernetes Engine < 0.6.2 - Exposure to Wrong Actor
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.
CWE-668 Jul 31, 2019
CVE-2019-11728 4.7 MEDIUM EPSS 0.01
Firefox < 68 - SSRF
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
CWE-668 Jul 23, 2019
CVE-2019-3970 5.5 MEDIUM EPSS 0.00
Comodo Antivirus < 12.0.0.6810 - Exposure to Wrong Actor
Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrary File Write due to Cavwp.exe handling of Comodo's Antivirus database. Cavwp.exe loads Comodo antivirus definition database in unsecured global section objects, allowing a local low privileged process to modify this data directly and change virus signatures.
CWE-668 Jul 17, 2019
CVE-2019-13379 8.8 HIGH EPSS 0.08
Avtech Room Alert 3E Firmware < 2.2.5 - Exposure to Wrong Actor
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the default credentials to get in.
CWE-668 Jul 07, 2019