Exploit Intelligence Platform

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,484 CVEs tracked 53,337 with exploits 4,748 exploited in wild 1,551 CISA KEV 3,947 Nuclei templates 49,229 vendors 42,825 researchers
111,579 results Clear all
CVE-2017-11682 6.1 MEDIUM EPSS 0.00
Hashtopussy 0.4.0 - XSS
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.
CWE-79 Jul 27, 2017
CVE-2017-11677 6.1 MEDIUM EPSS 0.00
Hashtopus 1.5g - XSS
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
CWE-79 Jul 27, 2017
CVE-2017-11674 5.5 MEDIUM EPSS 0.00
Acunetix 8 - DoS
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."
CWE-119 Jul 27, 2017
CVE-2017-11671 4.0 MEDIUM EPSS 0.00
GCC <5.5-6.4 - Info Disclosure
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
CWE-338 Jul 26, 2017
CVE-2017-11666 6.1 MEDIUM EPSS 0.00
Kopano WebApp <3.3.0 - XSS
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
CWE-79 Jul 26, 2017
CVE-2017-11612 6.1 MEDIUM EPSS 0.00
Joomla! <3.7.4 - XSS
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
CWE-79 Jul 26, 2017
CVE-2017-11654 5.9 MEDIUM EPSS 0.01
SIPcrack 0.2 - Memory Corruption
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.
CWE-125 Jul 26, 2017
CVE-2017-11651 6.1 MEDIUM EPSS 0.00
NexusPHP V1.5 - XSS
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CWE-79 Jul 26, 2017
CVE-2017-11644 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
CWE-772 Jul 26, 2017
CVE-2017-11640 6.5 MEDIUM EPSS 0.01
ImageMagick 7.0.6-1 - Memory Corruption
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CWE-119 Jul 26, 2017
CVE-2017-11639 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Buffer Overflow
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
CWE-125 Jul 26, 2017
CVE-2017-11629 6.1 MEDIUM NUCLEI EPSS 0.00
dayrui FineCms <5.0.10 - XSS
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
CWE-79 Jul 26, 2017
CVE-2017-11613 6.5 MEDIUM EPSS 0.00
LibTIFF 4.0.8 - DoS
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
CWE-20 Jul 26, 2017
CVE-2017-11627 5.5 MEDIUM EPSS 0.00
QPDF 6.0.0 - DoS
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
CWE-835 Jul 25, 2017
CVE-2017-11626 5.5 MEDIUM EPSS 0.00
QPDF 6.0.0 - DoS
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CWE-835 Jul 25, 2017
CVE-2017-11625 5.5 MEDIUM EPSS 0.00
QPDF 6.0.0 - DoS
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CWE-835 Jul 25, 2017
CVE-2017-11624 5.5 MEDIUM EPSS 0.00
QPDF 6.0.0 - DoS
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CWE-835 Jul 25, 2017
CVE-2016-6133 6.1 MEDIUM EPSS 0.00
Ektron CMS <9.1.0.184.3.127 - XSS
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx.
CWE-79 Jul 25, 2017
CVE-2017-6755 6.1 MEDIUM EPSS 0.00
Cisco Prime Collaboration Provisioning - XSS
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1.
CWE-79 Jul 25, 2017
CVE-2017-6749 5.4 MEDIUM EPSS 0.00
Cisco WSA - XSS
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204.
CWE-79 Jul 25, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-43520
Apple - Memory Corruption
 CVE-2025-43510
Apple - Memory Corruption
 CVE-2025-31277
Apple Safari < 18.6 - Memory Corruption
 CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal