Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,495 CVEs tracked | 53,335 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,948 Nuclei templates | 49,233 vendors | 42,833 researchers
111,593 results
CVE-2017-1332 6.1 MEDIUM EPSS 0.00
IBM iNotes <9.0 - XSS
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234.
CWE-79 Jul 31, 2017
CVE-2017-1303 6.1 MEDIUM EPSS 0.00
IBM WebSphere Portal & WCM <9.0 - XSS
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
CWE-79 Jul 31, 2017
CVE-2016-9719 5.7 MEDIUM EPSS 0.00
IBM Infosphere Master Data Management... - Improper Input Validation
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.
CWE-20 Jul 31, 2017
CVE-2016-9718 5.4 MEDIUM EPSS 0.00
IBM Infosphere Master Data Management Server - XSS
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732.
CWE-79 Jul 31, 2017
CVE-2016-9717 6.5 MEDIUM EPSS 0.00
IBM Infosphere Master Data Management... - Improper Input Validation
HTTP Parameter Override is identified in the IBM InfoSphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters, which may produce anomalous behavior in the application that can potentially be exploited.
CWE-20 Jul 31, 2017
CVE-2016-9715 5.4 MEDIUM EPSS 0.00
IBM Infosphere Master Data Management Server - XSS
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728.
CWE-79 Jul 31, 2017
CVE-2017-11551 5.5 MEDIUM EPSS 0.01
libid3tag 0.15.1b - DoS
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
CWE-119 Jul 31, 2017
CVE-2017-11550 5.5 MEDIUM EPSS 0.00
libid3tag <0.15.1b - DoS
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
CWE-476 Jul 31, 2017
CVE-2017-11549 5.5 MEDIUM EPSS 0.00
TiMidity++ 2.14.0 - DoS
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.
CWE-834 Jul 31, 2017
CVE-2017-11548 5.5 MEDIUM 1 PoC Analysis EPSS 0.02
Xiph.Org libao 1.2.0 - Memory Corruption
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
CWE-119 Jul 31, 2017
CVE-2017-11547 5.5 MEDIUM EPSS 0.00
TiMidity++ 2.14.0 - DoS
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.
CWE-125 Jul 31, 2017
CVE-2017-11546 5.5 MEDIUM EPSS 0.00
TiMidity++ 2.14.0 - DoS
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
CWE-369 Jul 31, 2017
CVE-2017-11359 5.5 MEDIUM 1 PoC Analysis EPSS 0.04
Sound Exchange - Divide By Zero
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.
CWE-369 Jul 31, 2017
CVE-2017-11358 5.5 MEDIUM 1 PoC Analysis EPSS 0.05
Sound Exchange - Out-of-Bounds Read
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
CWE-125 Jul 31, 2017
CVE-2017-11333 5.5 MEDIUM 1 PoC Analysis EPSS 0.02
Xiph.org Libvorbis - NULL Pointer Dereference
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
CWE-476 Jul 31, 2017
CVE-2017-11332 5.5 MEDIUM 1 PoC Analysis EPSS 0.05
Sound Exchange - Divide By Zero
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
CWE-369 Jul 31, 2017
CVE-2017-11331 5.5 MEDIUM 1 PoC Analysis EPSS 0.02
Xiph Vorbis-tools - Memory Corruption
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
CWE-119 Jul 31, 2017
CVE-2017-11330 5.5 MEDIUM 1 PoC Analysis EPSS 0.03
Divfix++ - Out-of-Bounds Write
The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi file.
CWE-787 Jul 31, 2017
CVE-2017-11119 5.5 MEDIUM EPSS 0.00
Nosefart - Out-of-Bounds Read
The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file.
CWE-125 Jul 31, 2017
CVE-2017-11118 5.5 MEDIUM EPSS 0.00
Openexif - Infinite Loop
The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.
CWE-835 Jul 31, 2017