Exploit Intelligence Platform

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,380 CVEs tracked 53,349 with exploits 4,748 exploited in wild 1,551 CISA KEV 3,945 Nuclei templates 49,139 vendors 42,810 researchers

111,437 results Clear all

CVE-2017-8782 6.5 MEDIUM EPSS 0.00

Libming - Integer Overflow

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.

CWE-190 May 31, 2017

CVE-2017-7511 5.5 MEDIUM EPSS 0.00

poppler <0.17.3 - Memory Corruption

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.

CWE-476 May 30, 2017

CVE-2017-2311 5.3 MEDIUM EPSS 0.00

Juniper Networks Junos Space <16.1R1 - DoS

On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.

CVE-2017-2310 5.3 MEDIUM EPSS 0.00

Juniper Networks Junos Space <16.1R1 - Privilege Escalation

A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.

CVE-2017-2309 5.9 MEDIUM EPSS 0.00

Juniper Networks Junos Space <16.1R1 - Info Disclosure

On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.

CWE-200 May 30, 2017

CVE-2017-2308 6.5 MEDIUM EPSS 0.00

Juniper Networks Junos Space <16.1R1 - Info Disclosure

An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.

CWE-611 May 30, 2017

CVE-2017-2307 6.1 MEDIUM EPSS 0.00

Juniper Networks Junos Space <16.1R1 - XSS

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.

CWE-79 May 30, 2017

CVE-2017-9303 6.1 MEDIUM EPSS 0.00

Laravel 5.4.x <5.4.22 - CSRF

Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

CWE-20 May 29, 2017

CVE-2017-9302 5.5 MEDIUM EPSS 0.00

RealPlayer 16.0.2.32 - DoS

RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

CWE-369 May 29, 2017

CVE-2017-9299 6.1 MEDIUM EPSS 0.00

OTRS 3.3.9 - XSS

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.

CWE-79 May 29, 2017

CVE-2017-9298 5.4 MEDIUM EPSS 0.00

Hitachi Device Manager <8.5.2-01/Replication Manager <8.5.2-00 - XSS

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.

CWE-79 May 29, 2017

CVE-2017-9297 6.1 MEDIUM EPSS 0.00

Hitachi Device Manager <8.5.2-01 - Open Redirect

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.

CWE-601 May 29, 2017

CVE-2017-9296 6.1 MEDIUM EPSS 0.00

Hitachi Device Manager < 8.5.2 - Open Redirect

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.

CWE-601 May 29, 2017

CVE-2017-9295 6.5 MEDIUM EPSS 0.00

Hitachi Device Manager < 8.5.2 - XXE

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.

CWE-611 May 29, 2017

CVE-2017-9292 6.1 MEDIUM EPSS 0.00

Lansweeper <6.0.0.65 - XSS

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.

CWE-79 May 29, 2017

CVE-2017-9289 6.1 MEDIUM EPSS 0.00

Bram Korsten <1.2.0 - XSS

Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).

CWE-79 May 29, 2017

CVE-2017-9288 6.1 MEDIUM NUCLEI EPSS 0.03

Raygun4WP <1.8.0 - XSS

The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).

CWE-79 May 29, 2017

CVE-2017-9287 6.5 MEDIUM EPSS 0.36

OpenLDAP <2.4.44 - Memory Corruption

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.

CWE-415 May 29, 2017

CVE-2017-9263 6.5 MEDIUM EPSS 0.00

Open vSwitch 2.7.0 - DoS

In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.

CWE-20 May 29, 2017

CVE-2017-9262 6.5 MEDIUM EPSS 0.00

ImageMagick <7.0.5-6 - DoS

In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.

CWE-772 May 29, 2017