CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,867 CVEs tracked; 53,243 with exploits; 4,725 exploited in wild; 1,540 CISA KEV; 3,925 Nuclei templates; 37,802 vendors; 42,500 researchers
352 results
CVE-2023-32615 6.5 MEDIUM EPSS 0.00
Open Automation Software OAS Platform <18.00.0072 - File Write
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.
CWE-610 Sep 05, 2023
CVE-2023-4749 6.3 MEDIUM EPSS 0.00
SourceCodester Inventory Management System 1.0 - File Inclusion
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
CWE-73 Sep 04, 2023
CVE-2023-20234 4.4 MEDIUM EPSS 0.00
Cisco FXOS Software - Privilege Escalation
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
CWE-732 Aug 23, 2023
CVE-2023-35384 5.4 MEDIUM EPSS 0.00
Windows HTML Platforms < - Privilege Escalation
Windows HTML Platforms Security Feature Bypass Vulnerability
CWE-73 Aug 08, 2023
CVE-2023-4191 6.3 MEDIUM EPSS 0.00
SourceCodester Resort Reservation System 1.0 - File Inclusion
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.
CWE-73 Aug 06, 2023
CVE-2023-3643 7.3 HIGH NUCLEI EPSS 0.19
Boss Mini 1.4.0 Build 6221 - File Inclusion
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.
CWE-73 Jul 12, 2023
CVE-2023-35308 6.5 MEDIUM EPSS 0.01
Windows MSHTML < unknown - Privilege Escalation
Windows MSHTML Platform Security Feature Bypass Vulnerability
CWE-73 Jul 11, 2023
CVE-2023-3256 8.8 HIGH EPSS 0.00
Advantech R-SeeNet <2.4.22 - Info Disclosure
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
CWE-610 Jun 22, 2023
CVE-2023-28603 7.7 HIGH EPSS 0.00
Zoom VDI client installer <5.14.0 - Info Disclosure
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.
CWE-73 Jun 13, 2023
CVE-2023-0008 4.4 MEDIUM EPSS 0.00
Palo Alto Networks PAN-OS - Info Disclosure
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition.
CWE-610 May 10, 2023
CVE-2023-29324 6.5 MEDIUM EXPLOITED 1 PoC Analysis EPSS 0.02
Windows MSHTML < - Privilege Escalation
Windows MSHTML Platform Security Feature Bypass Vulnerability
CWE-73 May 09, 2023
CVE-2023-2554 7.2 HIGH 1 Writeup EPSS 0.01
unilogies/bumsys <2.2.0 - Path Traversal
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
CWE-73 May 05, 2023
CVE-2023-30943 6.5 MEDIUM 3 PoCs Analysis NUCLEI EPSS 0.16
Moodle - Path Traversal
The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CWE-610 May 02, 2023
CVE-2023-2152 5.3 MEDIUM 1 Writeup EPSS 0.00
SourceCodester Student Study Center Desk Management System 1.0 - Fi...
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226273 was assigned to this vulnerability.
CWE-610 Apr 18, 2023
CVE-2023-1105 8.1 HIGH 1 Writeup EPSS 0.00
GitHub flatpressblog/flatpress <1.3 - Path Traversal
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
CWE-73 Mar 01, 2023
CVE-2023-1070 7.1 HIGH 1 Writeup EPSS 0.00
nilsteampassnet/teampass <3.0.0.22 - Path Traversal
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
CWE-73 Feb 27, 2023
CVE-2022-39952 9.8 CRITICAL EXPLOITED 6 PoCs Analysis NUCLEI EPSS 0.94
Fortinet FortiNAC keyUpload.jsp arbitrary file write
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.
CWE-668 Feb 16, 2023
CVE-2023-21566 7.8 HIGH EPSS 0.04
Visual Studio - Privilege Escalation
Visual Studio Elevation of Privilege Vulnerability
CWE-73 Feb 14, 2023
CVE-2023-21800 7.8 HIGH EPSS 0.01
Windows Installer < - Privilege Escalation
Windows Installer Elevation of Privilege Vulnerability
CWE-73 Feb 14, 2023
CVE-2023-0003 6.5 MEDIUM EPSS 0.01
Palo Alto Networks Cortex XSOAR - Info Disclosure
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
CWE-610 Feb 08, 2023