Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,480 CVEs tracked; 53,336 with exploits; 4,748 exploited in wild; 1,551 CISA KEV; 3,947 Nuclei templates; 49,227 vendors; 42,821 researchers
42,625 results
CVE-2014-0330 EPSS 0.01
Dell KACE K1000 <5.5.90545 - XSS
Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.
CWE-79 Feb 06, 2014
CVE-2013-7321 EPSS 0.00
D-Link DAP-2253 - XSS
Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 06, 2014
CVE-2013-7319 1 PoC Analysis EPSS 0.05
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
CWE-79 Feb 06, 2014
CVE-2013-5983 EPSS 0.00
Guppy < 4.6.27 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter to mobile/thread.php.
CWE-79 Feb 06, 2014
CVE-2013-1880 EPSS 0.01
Apache Activemq < 5.8.0 - XSS
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
CWE-79 Feb 05, 2014
CVE-2011-3344 EPSS 0.00
Redhat Network Satellite - XSS
Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.
CWE-79 Feb 05, 2014
CVE-2011-2927 EPSS 0.00
Redhat Network Satellite - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.
CWE-79 Feb 05, 2014
CVE-2011-2920 EPSS 0.00
Redhat Network Satellite - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.
CWE-79 Feb 05, 2014
CVE-2011-2919 EPSS 0.00
Redhat Network Satellite - XSS
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
CWE-79 Feb 05, 2014
CVE-2014-1403 EPSS 0.01
Easyxdm < 2.4.18 - XSS
Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.
CWE-79 Feb 05, 2014
CVE-2013-3639 1 PoC Analysis EPSS 0.06
Xaraya < 2.4.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
CWE-79 Feb 05, 2014
CVE-2013-1967 1 Writeup EPSS 0.01
Mediaelementjs Mediaelement.js < 2.11.1 - XSS
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CWE-79 Feb 05, 2014
CVE-2013-1470 EPSS 0.00
Geeklog - XSS
Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.
CWE-79 Feb 05, 2014
CVE-2013-1466 1 PoC Analysis EPSS 0.09
Glfusion < 1.2.2.pl3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
CWE-79 Feb 05, 2014
CVE-2014-1458 EPSS 0.00
Fortinet Fortiweb < 5.0.3 - XSS
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 04, 2014
CVE-2013-7182 EPSS 0.01
Fortinet FortiOS 5.0.5 - XSS
Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter.
CWE-79 Feb 04, 2014
CVE-2013-7181 EPSS 0.01
Fortinet FortiOS 5.0.3 - XSS
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CWE-79 Feb 04, 2014
CVE-2013-6033 EPSS 0.00
Lexmark C52x < ls.fa.p150 - XSS
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
CWE-79 Feb 04, 2014
CVE-2013-0234 1 Writeup EPSS 0.01
Elgg < 1.7.16 - XSS
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_username] parameter to action/widgets/save.
CWE-79 Feb 02, 2014
CVE-2014-0832 EPSS 0.00
IBM Financial Transaction Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.
CWE-79 Feb 01, 2014