Exploit Intelligence Platform

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,380 CVEs tracked 53,349 with exploits 4,748 exploited in wild 1,551 CISA KEV 3,945 Nuclei templates 49,139 vendors 42,810 researchers
111,437 results Clear all
CVE-2016-5648 5.3 MEDIUM EPSS 0.01
Acer Portal <3.9.4.2000 - Info Disclosure
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
CWE-295 Jun 08, 2017
CVE-2016-3095 5.5 MEDIUM EPSS 0.00
Fedora < 2.8.1 - Information Disclosure
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CWE-200 Jun 08, 2017
CVE-2016-3111 5.5 MEDIUM EPSS 0.00
Pulp < 2.8.2-1 - Information Disclosure
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
CWE-200 Jun 08, 2017
CVE-2016-3107 5.5 MEDIUM EPSS 0.00
Pulp < 2.8.2-1 - Improper Access Control
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
CWE-284 Jun 08, 2017
CVE-2017-9330 5.6 MEDIUM EPSS 0.00
QEMU <2.9.0 - DoS
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CWE-835 Jun 08, 2017
CVE-2017-9310 5.6 MEDIUM EPSS 0.00
QEMU - DoS
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
CWE-835 Jun 08, 2017
CVE-2015-2255 5.9 MEDIUM EPSS 0.00
Huawei Ar1220 Firmware - Denial of Service
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CWE-19 Jun 08, 2017
CVE-2015-2253 5.0 MEDIUM EPSS 0.00
Huawei Oceanstor Uds Firmware - Information Disclosure
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
CWE-200 Jun 08, 2017
CVE-2014-6031 4.9 MEDIUM EPSS 0.00
F5 Big-ip Local Traffic Manager - Memory Corruption
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.
CWE-119 Jun 08, 2017
CVE-2014-4843 5.3 MEDIUM EPSS 0.00
IBM Curam SPM <6.0.5.5 - Info Disclosure
Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.
CWE-358 Jun 08, 2017
CVE-2017-9520 5.5 MEDIUM 1 Writeup EPSS 0.00
radare2 1.5.0 - DoS
The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
CWE-416 Jun 08, 2017
CVE-2017-9516 5.4 MEDIUM 1 PoC Analysis EPSS 0.01
Craft CMS <2.6.2982 - XSS
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
CWE-79 Jun 08, 2017
CVE-2015-3295 5.3 MEDIUM 1 Writeup EPSS 0.01
markdown-it <4.1.0 - Open Redirect
markdown-it before 4.1.0 does not block data: URLs.
CWE-284 Jun 07, 2017
CVE-2014-9310 6.1 MEDIUM EPSS 0.00
WordPress Backup to Dropbox <4.1 - XSS
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.
CWE-79 Jun 07, 2017
CVE-2015-8538 6.5 MEDIUM EPSS 0.00
libdwarf - DoS
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
CWE-20 Jun 07, 2017
CVE-2015-6959 5.4 MEDIUM EPSS 0.00
Vindula - XSS
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
CWE-79 Jun 07, 2017
CVE-2015-6540 6.1 MEDIUM EPSS 0.00
Igcb Intellect Digital Core - XSS
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
CWE-79 Jun 07, 2017
CVE-2017-4905 5.5 MEDIUM 1 PoC Analysis EPSS 0.04
VMware ESXi <6.5-8.5.6 - Info Disclosure
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
CWE-908 Jun 07, 2017
CVE-2017-4900 5.5 MEDIUM EPSS 0.00
VMware Workstation Pro/Player <12.5.3 - Use After Free
VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CWE-476 Jun 07, 2017
CVE-2017-4899 4.7 MEDIUM EPSS 0.00
VMware Workstation Pro/Player <12.5.3 - Memory Corruption
VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.
CWE-125 Jun 07, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
CVE-2025-12421 CRITICAL
Mattermost <11.0.2, 10.12.1, 10.11.4, 10.5.12 - Auth Bypass
 View all labs →

KEV Gaps

CVE-2025-43520
Apple - Memory Corruption
 CVE-2025-43510
Apple - Memory Corruption
 CVE-2025-31277
Apple Safari < 18.6 - Memory Corruption
 CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal