Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,480 CVEs tracked | 53,336 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,947 Nuclei templates | 49,227 vendors | 42,821 researchers
111,578 results
CVE-2017-3103 6.1 MEDIUM EPSS 0.01
Adobe Connect < 9.6.1 - XSS
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
CWE-79 Jul 17, 2017
CVE-2017-3102 6.1 MEDIUM EPSS 0.01
Adobe Connect < 9.6.1 - XSS
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
CWE-79 Jul 17, 2017
CVE-2017-3100 6.5 MEDIUM EPSS 0.02
Adobe Flash Player Desktop Runtime < 26.0.0.131 - Out-of-Bounds Write
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
CWE-787 Jul 17, 2017
CVE-2017-3080 6.5 MEDIUM EPSS 0.04
Adobe Flash Player Desktop Runtime - Information Disclosure
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
Jul 17, 2017
CVE-2017-2347 6.5 MEDIUM EPSS 0.01
Juniper Networks Junos OS <14.2 - DoS
A denial of service vulnerability in the rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue.
CWE-20 Jul 17, 2017
CVE-2017-2346 5.9 MEDIUM EPSS 0.00
Junos OS <16.1R2 - DoS
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PIC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4.
Jul 17, 2017
CVE-2017-2241 6.3 MEDIUM EPSS 0.00
AssetView <9.2.0 - SQL Injection
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
CWE-89 Jul 17, 2017
CVE-2017-2240 6.5 MEDIUM EPSS 0.01
AssetView <9.2.0 - Path Traversal
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
CWE-22 Jul 17, 2017
CVE-2017-11360 6.5 MEDIUM EPSS 0.00
ImageMagick 7.0.6-1 - Buffer Overflow
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CWE-834 Jul 17, 2017
CVE-2017-11353 5.9 MEDIUM EPSS 0.00
Yadm - Race Condition
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
CWE-362 Jul 17, 2017
CVE-2017-11352 6.5 MEDIUM EPSS 0.01
ImageMagick <7.0.5-10 - Buffer Overflow
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
Jul 17, 2017
CVE-2017-11348 5.7 MEDIUM EPSS 0.01
Octopus Server - Path Traversal
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
CWE-22 Jul 17, 2017
CVE-2017-11340 6.5 MEDIUM EPSS 0.01
Exiv2 - Improper Input Validation
There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack.
CWE-20 Jul 17, 2017
CVE-2017-11339 6.5 MEDIUM EPSS 0.01
Exiv2 - Memory Corruption
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CWE-119 Jul 17, 2017
CVE-2017-11338 6.5 MEDIUM EPSS 0.01
Exiv2 - Infinite Loop
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CWE-835 Jul 17, 2017
CVE-2017-11337 6.5 MEDIUM EPSS 0.01
Exiv2 - Use After Free
There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CWE-416 Jul 17, 2017
CVE-2017-11336 6.5 MEDIUM EPSS 0.01
Exiv2 - Out-of-Bounds Read
There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
CWE-125 Jul 17, 2017
CVE-2017-11328 5.5 MEDIUM 1 Writeup EPSS 0.00
Virustotal Yara - Memory Corruption
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.
CWE-119 Jul 17, 2017
CVE-2017-10604 5.3 MEDIUM EPSS 0.00
Juniper Junos - Brute Force
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command:

    root@device> show system login lockout user root
    User    Lockout start              Lockout end
    root    1995-01-01 01:00:01 PDT    1995-11-01 01:31:01 PDT

Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.
CWE-307 Jul 17, 2017
CVE-2017-1000078 6.1 MEDIUM EPSS 0.00
Linux Foundation ONOS 1.9 - XSS
Linux Foundation ONOS 1.9 is vulnerable to XSS in the device registration.
CWE-79 Jul 17, 2017