CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers
557 results
CVE-2022-36923 7.5 HIGH EXPLOITED NUCLEI EPSS 0.33
Zohocorp Manageengine Firewall Analyzer - Improper Access Control
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
CWE-755 Aug 10, 2022
CVE-2022-22202 6.5 MEDIUM EPSS 0.00
Juniper Networks Junos OS - DoS
An Improper Handling of Exceptional Conditions vulnerability on specific PTX Series devices, including the PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series, in Juniper Networks Junos OS allows an unauthenticated MPLS-based attacker to cause a Denial of Service (DoS) by triggering the dcpfe process to crash and FPC to restart. On affected PTX Series devices, processing specific MPLS packets received on an interface with multiple units configured may cause FPC to restart unexpectedly. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects PTX Series devices utilizing specific FPCs found on PTX1000, PTX3000 (NextGen), PTX5000, PTX10002-60C, PTX10008, and PTX10016 Series devices, only if multiple units are configured on the ingress interface, and at least one unit has 'family mpls' *not* configured. See the configuration sample below for more information. No other platforms are affected by this vulnerability. This issue affects: Juniper Networks Junos OS on PTX Series: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
CWE-755 Jul 20, 2022
CVE-2021-46828 7.5 HIGH EPSS 0.01
libtirpc <1.3.3rc1 - DoS
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
CWE-755 Jul 20, 2022
CVE-2022-34643 5.5 MEDIUM EPSS 0.00
Riscv Spike Risc-v Isa Simulator - Improper Exception Handling
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priority when accessing memory.
CWE-755 Jul 18, 2022
CVE-2022-34641 5.5 MEDIUM EPSS 0.00
Boom-core Riscvc-boom - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMP violation occurs during address translation.
CWE-755 Jul 18, 2022
CVE-2022-34639 5.5 MEDIUM EPSS 0.00
Openhwgroup Cva6 - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application.
CWE-755 Jul 18, 2022
CVE-2022-34637 5.5 MEDIUM EPSS 0.00
Openhwgroup Cva6 - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded.
CWE-755 Jul 18, 2022
CVE-2022-34636 5.5 MEDIUM EPSS 0.00
Openhwgroup Cva6 - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMA violation occurs during address translation.
CWE-755 Jul 18, 2022
CVE-2022-34634 5.5 MEDIUM EPSS 0.00
Openhwgroup Cva6 - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather than create an exception.
CWE-755 Jul 18, 2022
CVE-2022-34633 5.5 MEDIUM EPSS 0.00
Openhwgroup Cva6 - Improper Exception Handling
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted sfence.vma instructions rather than create an exception.
CWE-755 Jul 18, 2022
CVE-2022-32990 5.5 MEDIUM EPSS 0.00
GNOME GIMP <2.10.30 - DoS
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
CWE-755 Jun 24, 2022
CVE-2022-1965 8.1 HIGH EPSS 0.01
CODESYS - Info Disclosure
Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
CWE-755 Jun 24, 2022
CVE-2022-27872 7.8 HIGH EPSS 0.00
Autodesk Navisworks - Improper Exception Handling
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.
CWE-755 Jun 21, 2022
CVE-2022-30727 6.2 MEDIUM EPSS 0.00
PersonaManagerService <SMR Jun-2022 Release 1 - Info Disclosure
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
CWE-755 Jun 07, 2022
CVE-2022-30725 4.0 MEDIUM EPSS 0.00
Bluetooth <SMR Jun-2022 Release 1 - Info Disclosure
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CWE-755 Jun 07, 2022
CVE-2022-30724 4.0 MEDIUM EPSS 0.00
Bluetooth <SMR Jun-2022 Release 1 - Info Disclosure
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CWE-755 Jun 07, 2022
CVE-2022-30723 4.0 MEDIUM EPSS 0.00
Bluetooth <SMR Jun-2022 Release 1 - Info Disclosure
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CWE-755 Jun 07, 2022
CVE-2022-30716 4.0 MEDIUM EPSS 0.00
Samsung - Info Disclosure
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
CWE-755 Jun 07, 2022
CVE-2022-29617 6.5 MEDIUM EPSS 0.00
SAP Contributor License Agreement Ass... - Improper Exception Handling
Due to improper error handling, an authenticated user can crash the CLA assistant instance. This could impact the availability of the application.
CWE-755 Jun 06, 2022
CVE-2022-31799 9.8 CRITICAL 1 Writeup EPSS 0.00
Bottle < 0.12.20 - Improper Exception Handling
Bottle before 0.12.20 mishandles errors during early request binding.
CWE-755 Jun 02, 2022