Exploit Intelligence Platform

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,234 CVEs tracked 53,343 with exploits 4,746 exploited in wild 1,546 CISA KEV 3,944 Nuclei templates 49,100 vendors 42,782 researchers
42,560 results Clear all
CVE-2012-5908 1 PoC Analysis EPSS 0.05
Mybb - XSS
Cross-site scripting (XSS) vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to inject arbitrary web script or HTML via the conditions[usergroup][] parameter in a search action to admin/index.php.
CWE-79 Nov 17, 2012
CVE-2012-5906 EPSS 0.01
Morequick Greenbrowser - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js.
CWE-79 Nov 17, 2012
CVE-2012-5903 1 PoC Analysis EPSS 0.02
Simple Machines Smf - XSS
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
CWE-79 Nov 17, 2012
CVE-2012-5902 EPSS 0.00
Dflabs Ptk - XSS
Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php in DFLabs PTK 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the arg4 parameter.
CWE-79 Nov 17, 2012
CVE-2012-5899 1 PoC Analysis EPSS 0.07
Samedia Landshop - XSS
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party information.
CWE-79 Nov 17, 2012
CVE-2012-5889 EPSS 0.00
Alex Kellner Powermail < 1.6.4 - XSS
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 17, 2012
CVE-2012-5888 EPSS 0.00
Benjamin Mack Seo Basics < 0.8.1 - XSS
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 17, 2012
CVE-2012-5856 EPSS 0.00
Uk-cookie - XSS
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 17, 2012
CVE-2012-5883 EPSS 0.01
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
CWE-79 Nov 16, 2012
CVE-2012-5882 EPSS 0.00
Yahoo Yui - XSS
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
CWE-79 Nov 16, 2012
CVE-2012-5881 EPSS 0.00
Yahoo Yui - XSS
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
CWE-79 Nov 16, 2012
CVE-2012-4189 EPSS 0.00
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field.
CWE-79 Nov 16, 2012
CVE-2012-4612 EPSS 0.00
EMC RSA Data Protection Mgr <3.2.1 - XSS
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 16, 2012
CVE-2012-5851 1 PoC Analysis EPSS 0.00
Apple Webkit < 22.0.1229.96 - XSS
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
CWE-79 Nov 15, 2012
CVE-2012-4955 EPSS 0.01
Dell OMSA <6.5.0.1-7.1.0.1 - XSS
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 15, 2012
CVE-2012-4851 EPSS 0.00
IBM WebSphere App Server <8.5.0.1 - XSS
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
CWE-79 Nov 14, 2012
CVE-2012-4497 EPSS 0.00
Devsaran Elegant Theme - XSS
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
CWE-79 Nov 02, 2012
CVE-2012-4493 EPSS 0.00
ROY Baxter Better Revisions - XSS
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Nov 02, 2012
CVE-2012-5705 EPSS 0.00
Drupal Hotblocks <6.x-1.8 - XSS
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
CWE-79 Nov 01, 2012
CVE-2012-4939 1 PoC Analysis EPSS 0.10
SolarWinds Orion <3.0-HotFix1 - XSS
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.
CWE-79 Oct 31, 2012

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass