Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,495 CVEs tracked; 53,335 with exploits; 4,748 exploited in wild; 1,551 CISA KEV; 3,948 Nuclei templates; 49,233 vendors; 42,833 researchers
111,593 results
CVE-2017-12413 6.1 MEDIUM EPSS 0.00
AXIS 2100 <2.43 - XSS
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
CWE-79 Aug 04, 2017
CVE-2017-12434 6.5 MEDIUM EPSS 0.00
ImageMagick <7.0.6-1 - DoS
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
CWE-617 Aug 04, 2017
CVE-2017-12433 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - DoS
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
CWE-772 Aug 04, 2017
CVE-2017-12432 6.5 MEDIUM EPSS 0.01
ImageMagick 7.0.6-1 - DoS
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CWE-770 Aug 04, 2017
CVE-2017-12431 6.5 MEDIUM EPSS 0.00
ImageMagick <7.0.6-1 - Use After Free
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
CWE-416 Aug 04, 2017
CVE-2017-12427 6.5 MEDIUM 1 Writeup EPSS 0.01
ImageMagick <6.9.9.5 & <7.0.6.5 - DoS
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
CWE-772 Aug 04, 2017
CVE-2017-1504 6.5 MEDIUM EPSS 0.00
IBM WebSphere App Server <9.0.0.4 - Info Disclosure
IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579.
Aug 03, 2017
CVE-2017-1327 6.1 MEDIUM EPSS 0.00
IBM iNotes <9.0 - XSS
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062.
CWE-79 Aug 03, 2017
CVE-2017-1199 5.4 MEDIUM EPSS 0.00
IBM InfoSphere Master Data Management Server <11.7 - XSS
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123674.
CWE-79 Aug 03, 2017
CVE-2017-11320 6.1 MEDIUM 1 PoC Analysis EPSS 0.00
Technicolor Tc7337 Firmware - XSS
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
CWE-79 Aug 03, 2017
CVE-2017-9770 5.5 MEDIUM EPSS 0.00
Razer Synapse - Memory Corruption
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
CWE-125 Aug 02, 2017
CVE-2017-9467 6.1 MEDIUM EPSS 0.01
Palo Alto Networks PAN-OS <6.1.18, <7.0.16, <7.1.11, <8.0.3 - XSS
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 02, 2017
CVE-2017-9459 6.1 MEDIUM EPSS 0.01
Palo Alto Networks PAN-OS <6.1.18, <7.0.16, <7.1.11, <8.0.3 - XSS
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 02, 2017
CVE-2017-9244 6.1 MEDIUM EPSS 0.00
Trello <4.0.8 - XSS
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.
CWE-79 Aug 02, 2017
CVE-2017-7890 6.5 MEDIUM EPSS 0.25
PHP < 5.6.30 - Information Disclosure
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
CWE-200 Aug 02, 2017
CVE-2017-11438 6.3 MEDIUM EPSS 0.00
GitLab - Improper Privilege Management
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
CWE-269 Aug 02, 2017
CVE-2017-11437 6.5 MEDIUM EPSS 0.00
GitLab - Incorrect Permission Assignment
GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
CWE-732 Aug 02, 2017
CVE-2017-11356 6.5 MEDIUM 1 PoC Analysis EPSS 0.03
Pega Platform < 7.2_ml0 - Information Disclosure
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
CWE-200 Aug 02, 2017
CVE-2017-11355 6.1 MEDIUM 1 PoC Analysis EPSS 0.03
Pega Platform < 7.2_ml0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CWE-79 Aug 02, 2017
CVE-2017-11334 4.4 MEDIUM EPSS 0.00
QEMU < 2.9.1 - Out-of-Bounds Read
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CWE-125 Aug 02, 2017