CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,271 with exploits; 4,730 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,547 researchers
403 results
CVE-2022-26384 9.6 CRITICAL EPSS 0.00
Firefox <98, Firefox ESR <91.7, Thunderbird <91.7 - XSS
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
CWE-693 Dec 22, 2022
CVE-2022-22761 8.8 HIGH EPSS 0.00
Firefox < 97, Thunderbird < 91.6, Firefox ESR < 91.6 - Info Disclosure
Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CWE-693 Dec 22, 2022
CVE-2022-22759 9.6 CRITICAL EPSS 0.00
Firefox < 97, Thunderbird < 91.6, Firefox ESR < 91.6 - XSS
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler, the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
CWE-693 Dec 22, 2022
CVE-2022-20562 3.3 LOW EPSS 0.00
Android - Info Disclosure
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-231630423. References: N/A
CWE-693 Dec 16, 2022
CVE-2022-46698 6.5 MEDIUM EPSS 0.01
Safari <16.2 - Info Disclosure
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
CWE-693 Dec 15, 2022
CVE-2022-42848 7.8 HIGH EXPLOITED EPSS 0.00
Apple iPadOS < 15.7.2 - Denial of Service
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.
CWE-693 Dec 15, 2022
CVE-2022-42821 5.5 MEDIUM EPSS 0.00
macOS <12.6.2-13 - Info Disclosure
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.
CWE-693 Dec 15, 2022
CVE-2022-32537 4.8 MEDIUM EPSS 0.00
Medtronic - Info Disclosure
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance.
CWE-693 Dec 12, 2022
CVE-2021-31608 4.3 MEDIUM EPSS 0.00
Proofpoint Enterprise Protection <18.8.0 - Auth Bypass
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CWE-693 Nov 17, 2022
CVE-2022-33942 8.8 HIGH EPSS 0.00
Intel(R) DCM <5.0 - Privilege Escalation
Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CWE-693 Nov 11, 2022
CVE-2022-27516 5.3 MEDIUM EPSS 0.00
User Login Brute-Force Protection - Auth Bypass
User login brute force protection functionality bypass
CWE-307 Nov 08, 2022
CVE-2022-42801 7.8 HIGH EPSS 0.00
Apple iPadOS < 5.7.1 - Denial of Service
A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary code with kernel privileges.
CWE-693 Nov 01, 2022
CVE-2022-32910 7.5 HIGH EPSS 0.00
macOS - Info Disclosure
A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.8, macOS Monterey 12.5, Security Update 2022-005 Catalina. An archive may be able to bypass Gatekeeper.
CWE-693 Nov 01, 2022
CVE-2022-43435 5.3 MEDIUM EPSS 0.01
Jenkins 360 FireLine Plugin <1.7.2 - Info Disclosure
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CWE-693 Oct 19, 2022
CVE-2022-43434 5.3 MEDIUM EPSS 0.01
Jenkins NeuVector Vuln Scanner <1.20 - Info Disclosure
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CWE-693 Oct 19, 2022
CVE-2022-43433 4.3 MEDIUM EPSS 0.01
Jenkins ScreenRecorder Plugin <0.7 - Info Disclosure
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CWE-693 Oct 19, 2022
CVE-2022-43432 4.3 MEDIUM EPSS 0.01
Jenkins XFramium Builder Plugin <1.0.22 - XSS
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CWE-693 Oct 19, 2022
CVE-2022-43424 5.3 MEDIUM EPSS 0.01
Jenkins Compuware Xpediter Code Coverage Plugin <1.0.7 - Info Discl...
Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CWE-693 Oct 19, 2022
CVE-2022-43422 5.3 MEDIUM EPSS 0.01
Jenkins Compuware Topaz Utilities Plugin <1.0.8 - Info Disclosure
Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process.
CWE-693 Oct 19, 2022
CVE-2022-20464 5.5 MEDIUM EPSS 0.00
Android - Info Disclosure
In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-236042696. References: N/A
CWE-693 Oct 14, 2022