Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,380 CVEs tracked; 53,349 with exploits; 4,748 exploited in wild; 1,551 CISA KEV; 3,945 Nuclei templates; 49,139 vendors; 42,810 researchers
111,437 results
CVE-2017-9404 6.5 MEDIUM EPSS 0.01
LibTIFF <4.0.7 - DoS
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CWE-772 Jun 02, 2017
CVE-2017-9403 6.5 MEDIUM EPSS 0.01
LibTIFF <4.0.7 - Memory Corruption
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
CWE-772 Jun 02, 2017
CVE-2017-0896 6.5 MEDIUM 1 Writeup EPSS 0.00
Zulip Server <1.5.1 - Privilege Escalation
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.
CWE-862 Jun 02, 2017
CVE-2017-9378 6.5 MEDIUM 1 Writeup EPSS 0.00
BigTree CMS <4.2.18 - Info Disclosure
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.
CWE-863 Jun 02, 2017
CVE-2017-6039 5.3 MEDIUM EPSS 0.00
Phoenix Broadband PowerAgent SC3 <6.87 - Info Disclosure
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.
CWE-259 Jun 02, 2017
CVE-2017-9366 4.8 MEDIUM EPSS 0.00
Telaxus EPESI <1.8.2 - XSS
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
CWE-79 Jun 02, 2017
CVE-2017-9361 6.1 MEDIUM EPSS 0.00
WebsiteBaker v2.10.0 - XSS
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CWE-79 Jun 02, 2017
CVE-2017-9060 5.5 MEDIUM EPSS 0.00
QEMU - DoS
Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.
CWE-401 Jun 01, 2017
CVE-2017-7999 6.5 MEDIUM EPSS 0.00
Eucalyptus - Denial of Service
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.
Jun 01, 2017
CVE-2017-7384 6.1 MEDIUM EPSS 0.00
FlipBuilder Flip PDF - XSS
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.
CWE-79 Jun 01, 2017
CVE-2017-6512 5.9 MEDIUM EPSS 0.01
File-Path <2.13 - Race Condition
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
CWE-362 Jun 01, 2017
CVE-2017-3127 6.1 MEDIUM EPSS 0.00
Fortinet Fortios - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows an attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
CWE-79 Jun 01, 2017
CVE-2017-9337 6.1 MEDIUM EPSS 0.00
Markdown on Save Improved <2.5 - XSS
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
CWE-79 Jun 01, 2017
CVE-2017-9336 6.1 MEDIUM EPSS 0.00
WP Editor.MD <1.6 - XSS
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
CWE-79 Jun 01, 2017
CVE-2017-9331 5.4 MEDIUM EPSS 0.00
Telaxus EPESI <1.8.2 - XSS
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.
CWE-79 Jun 01, 2017
CVE-2017-5688 6.7 MEDIUM EPSS 0.00
Intel Solid State Drive Toolbox <3.4.5 - Privilege Escalation
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allows a local administrative attacker to load and execute arbitrary code.
May 31, 2017
CVE-2017-4897 5.5 MEDIUM EPSS 0.00
VMware Horizon DaaS <7.0.0 - Info Disclosure
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
CWE-20 May 31, 2017
CVE-2017-9307 6.5 MEDIUM EPSS 0.00
Allen Disk 1.6 - SSRF
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
CWE-918 May 31, 2017
CVE-2017-9306 6.1 MEDIUM EPSS 0.01
sysPass 2.1.9 - Auth Bypass
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
CWE-79 May 31, 2017
CVE-2017-9305 6.1 MEDIUM 1 Writeup EPSS 0.00
Tiki Wiki CMS Groupware 16.2 - Auth Bypass
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
CWE-79 May 31, 2017