CVE & Exploit Intelligence Database

Updated 56m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked 53,219 with exploits 4,686 exploited in wild 1,539 CISA KEV 3,912 Nuclei templates 37,757 vendors 42,422 researchers
20 results Clear all
CVE-2025-55780 7.5 HIGH 1 PoC Analysis EPSS 0.00
MuPDF 1.26.4 - Memory Corruption
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
CWE-476 Sep 23, 2025
CVE-2025-46206 6.5 MEDIUM 1 PoC Analysis EPSS 0.00
Artifex mupdf <1.25.6-1.25.5 - DoS
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
CWE-674 Aug 04, 2025
CVE-2025-48708 4.0 MEDIUM 1 PoC Analysis EPSS 0.00
Artifex Ghostscript <10.05.1 - Info Disclosure
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
CWE-212 May 23, 2025
CVE-2025-27834 7.8 HIGH 1 PoC Analysis EPSS 0.00
Artifex Ghostscript < 10.05.0 - Buffer Overflow
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
CWE-120 Mar 25, 2025
CVE-2024-29510 6.3 MEDIUM EXPLOITED 2 PoCs Analysis EPSS 0.07
Ghostscript Command Execution via Format String
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
CWE-693 Jul 03, 2024
CVE-2023-43115 8.8 HIGH 2 PoCs Analysis EPSS 0.20
Artifex Ghostscript <10.01.2 - RCE
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Sep 18, 2023
CVE-2023-36664 7.8 HIGH 4 PoCs Analysis EPSS 0.06
Artifex Ghostscript <10.01.2 - Privilege Escalation
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CWE-552 Jun 25, 2023
CVE-2022-44789 8.8 HIGH 1 PoC Analysis EPSS 0.03
Artifex Mujs < 1.3.2 - Out-of-Bounds Write
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CWE-787 Nov 23, 2022
CVE-2012-5340 7.8 HIGH 1 PoC Analysis EPSS 0.03
SumatraPDF 2.1.1/MuPDF 1.0 - Memory Corruption
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CWE-190 Jan 23, 2020
CVE-2019-14811 7.8 HIGH 1 PoC Analysis EPSS 0.02
Artifex Ghostscript < 9.50 - Incorrect Authorization
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CWE-648 Sep 03, 2019
CVE-2019-6116 7.8 HIGH 1 PoC Analysis EPSS 0.68
Artifex Ghostscript < 9.26 - Remote Code Execution
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Mar 21, 2019
CVE-2018-17961 8.6 HIGH 2 PoCs Analysis EPSS 0.11
Artifex Ghostscript < 9.25 - Error Information Exposure
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CWE-209 Oct 15, 2018
CVE-2018-16509 7.8 HIGH EXPLOITED 6 PoCs Analysis EPSS 0.92
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
Sep 05, 2018
CVE-2018-6191 5.5 MEDIUM 1 PoC Analysis EPSS 0.03
Artifex Mujs < 1.0.2 - Integer Overflow
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
CWE-190 Jan 24, 2018
CVE-2018-5759 5.5 MEDIUM 1 PoC Analysis EPSS 0.04
Artifex MuJS <1.0.2 - DoS
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
CWE-674 Jan 24, 2018
CVE-2017-8291 7.8 HIGH KEV 6 PoCs Analysis EPSS 0.93
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CWE-843 Apr 27, 2017
CVE-2017-6060 7.8 HIGH 1 PoC Analysis EPSS 0.03
Artifex Mupdf - Out-of-Bounds Write
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
CWE-787 Mar 15, 2017
CVE-2017-5991 7.5 HIGH 1 PoC Analysis EPSS 0.18
Artifex Mupdf < 1.11 - NULL Pointer Dereference
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
CWE-476 Feb 15, 2017
CVE-2014-2013 1 PoC Analysis EPSS 0.34
MuPDF <1.3 - Buffer Overflow
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
CWE-119 Mar 03, 2014
CVE-2010-1869 1 PoC Analysis EPSS 0.21
Artifex Gpl Ghostscript - Memory Corruption
Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.
CWE-119 May 12, 2010

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
CVE-2025-62507: Redis Stack Overflow to RCE in 68 Minutes - Then We Turned ASLR On
Mar 03, 2026
CVE-2025-15467: From OpenSSL Stack Overflow to Three ROP Chains in 64 Minutes - Introducing Stackforge
Mar 03, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF
 CVE-2026-21525
Microsoft Windows 10 1607 < 10.0.14393.8868 - NULL Pointer Dereference
 CVE-2026-21519
Microsoft Windows 10 1607 < 10.0.14393.8868 - Type Confusion