CVE & Exploit Intelligence Database

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,831 CVEs tracked 53,332 with exploits 4,739 exploited in wild 1,545 CISA KEV 3,939 Nuclei templates 49,039 vendors 42,720 researchers
42,509 results Clear all
CVE-2011-1976 1 PoC Analysis EPSS 0.66
Microsoft Visual Studio 2005 SP1-Report Viewer 2005 SP1 - XSS
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
CWE-79 Aug 10, 2011
CVE-2011-1263 EPSS 0.36
Microsoft Windows Server 2008 - XSS
Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
CWE-79 Aug 10, 2011
CVE-2011-2224 EPSS 0.01
Novell Data Synchronizer <1.2 - XSS
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CWE-79 Aug 09, 2011
CVE-2011-2976 EPSS 0.00
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.
CWE-79 Aug 09, 2011
CVE-2011-2379 EPSS 0.00
Mozilla Bugzilla - XSS
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
CWE-79 Aug 09, 2011
CVE-2011-1340 EPSS 0.00
Plone <2.5.3 - XSS
Cross-site scripting (XSS) vulnerability in skins/plone_templates/default_error_message.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the type_name parameter to Members/ipa/createObject.
CWE-79 Aug 05, 2011
CVE-2011-2711 EPSS 0.00
Lars Hjemli Cgit < 0.9.0.2 - XSS
Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint.
CWE-79 Aug 03, 2011
CVE-2011-2642 EPSS 0.01
Phpmyadmin < 3.3.10.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
CWE-79 Aug 01, 2011
CVE-2011-2402 EPSS 0.01
HP Network Automation - XSS
Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 01, 2011
CVE-2011-1743 EPSS 0.00
EMC Captiva eInput <2.1.1.37 - XSS
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 01, 2011
CVE-2011-2694 EPSS 0.03
Samba < 3.3.16 - XSS
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
CWE-79 Jul 29, 2011
CVE-2011-2400 EPSS 0.01
HP Sitescope - XSS
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 29, 2011
CVE-2011-2958 EPSS 0.01
Ecava Integraxor < 3.60.4061 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 28, 2011
CVE-2011-1339 EPSS 0.00
Google Search Appliance <5.0 - XSS
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 28, 2011
CVE-2011-2710 EPSS 0.00
Joomla! < 1.6.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
CWE-79 Jul 27, 2011
CVE-2011-2509 EPSS 0.00
Joomla! < 1.6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
CWE-79 Jul 27, 2011
CVE-2011-0242 EPSS 0.00
Apple Safari < 5.0.5 - XSS
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.
CWE-79 Jul 21, 2011
CVE-2010-1420 EPSS 0.00
Apple Safari <5.0.6 - XSS
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
CWE-79 Jul 21, 2011
CVE-2011-2743 2 PoCs Analysis EPSS 0.17
Chyrp < 2.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.
CWE-79 Jul 19, 2011
CVE-2011-0770 EPSS 0.01
HP Windows Event Log Smartconnector < 6.0.0.60023.2 - XSS
Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.
CWE-79 Jul 19, 2011

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass