CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,274 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,563 researchers
42,457 results Clear all
CVE-2007-5013 EPSS 0.00
Phormer - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Sep 20, 2007
CVE-2007-4981 EPSS 0.01
Oblius Obedit - XSS
Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. NOTE: because the details of the attack are uncertain, it is unclear whether this crosses privilege boundaries.
CWE-79 Sep 19, 2007
CVE-2007-4975 1 PoC Analysis EPSS 0.05
B1gmail - XSS
Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
CWE-79 Sep 19, 2007
CVE-2007-4977 1 PoC Analysis EPSS 0.01
Coppermine Photo Gallery - XSS
Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.
CWE-79 Sep 19, 2007
CVE-2007-4958 EPSS 0.00
Tinywebgallery - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Sep 18, 2007
CVE-2007-4959 EPSS 0.00
Jelsoft Oscmax - XSS
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Sep 18, 2007
CVE-2007-4945 EPSS 0.00
Jasmine Technologies Lettergrade - XSS
Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Sep 18, 2007
CVE-2007-4929 EPSS 0.00
Axis 207w Network Camera - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.
CWE-79 Sep 18, 2007
CVE-2007-4917 1 PoC Analysis EPSS 0.02
Php-stats - XSS
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
CWE-79 Sep 17, 2007
CVE-2007-4912 EPSS 0.00
Invision Power Services Invision Power Board - XSS
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
CWE-79 Sep 17, 2007
CVE-2007-4899 2 PoCs Analysis EPSS 0.01
Berkeley Boinc Forum < 5.10.20 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum 5.10.20 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to forum_forum.php, or the search_string parameter to forum_text_search_action.php in a (2) titles or (3) bodies search.
CWE-79 Sep 14, 2007
CVE-2007-4896 1 PoC Analysis EPSS 0.01
Toms-seiten.at Toms Gastenbuch - XSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] parameter, different vectors than CVE-2007-4711.
CWE-79 Sep 14, 2007
CVE-2007-4900 EPSS 0.01
RSA Envision - XSS
Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.
CWE-79 Sep 14, 2007
CVE-2007-4883 EPSS 0.00
Mediawiki - XSS
Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.
CWE-79 Sep 14, 2007
CVE-2007-4882 EPSS 0.00
Techexcel. Customerwise - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Sep 14, 2007
CVE-2007-4465 6.1 MEDIUM EPSS 0.03
Apache HTTP Server <2.2.6 - XSS
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CWE-79 Sep 14, 2007
CVE-2007-4831 EPSS 0.00
Torrenttrader - XSS
Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
CWE-79 Sep 12, 2007
CVE-2007-4830 EPSS 0.00
Directadmin < 1.30.2 - XSS
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CWE-79 Sep 12, 2007
CVE-2007-4828 EPSS 0.01
Mediawiki - XSS
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Sep 12, 2007
CVE-2007-4836 EPSS 0.01
Phpmyquote - XSS
Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action.
CWE-79 Sep 12, 2007

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF