Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,175 CVEs tracked; 53,341 with exploits; 4,746 exploited in wild; 1,546 CISA KEV; 3,943 Nuclei templates; 49,090 vendors; 42,769 researchers
111,409 results
CVE-2017-2093 4.3 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.3 - Info Disclosure
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CWE-200 Apr 28, 2017
CVE-2017-2092 5.4 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.3 - XSS
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 28, 2017
CVE-2017-2091 4.3 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.3 - Auth Bypass
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
Apr 28, 2017
CVE-2017-2090 6.5 MEDIUM EPSS 0.03
CubeCart <6.1.4 - Path Traversal
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CWE-22 Apr 28, 2017
CVE-2016-7843 5.5 MEDIUM EPSS 0.07
Hibara Software AttacheCase for Java < 0.6.0 - Path Traversal
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file.
CWE-22 Apr 28, 2017
CVE-2016-7842 5.5 MEDIUM EPSS 0.07
Hibara AttacheCase < 2.8.2.8 - Path Traversal
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via a specially crafted ATC file.
CWE-22 Apr 28, 2017
CVE-2016-7841 6.1 MEDIUM EPSS 0.00
Olive Design Olive Diary DX - XSS
Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CWE-79 Apr 28, 2017
CVE-2016-7840 6.1 MEDIUM EPSS 0.00
Olive Design Olive Blog - XSS
Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter.
CWE-79 Apr 28, 2017
CVE-2016-7839 6.1 MEDIUM EPSS 0.00
Olive Design Olive Blog - XSS
Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CWE-79 Apr 28, 2017
CVE-2016-7815 4.2 MEDIUM EPSS 0.00
Cybozu Remote Service Manager - Improper Certificate Validation
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CWE-295 Apr 28, 2017
CVE-2017-8302 5.4 MEDIUM EPSS 0.00
Blueriver Mura CMS - XSS
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm.
CWE-79 Apr 27, 2017
CVE-2017-8301 5.3 MEDIUM EPSS 0.00
OpenBSD LibreSSL - Improper Certificate Validation
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
CWE-295 Apr 27, 2017
CVE-2017-8298 5.4 MEDIUM EPSS 0.00
Cnvs Canvas - XSS
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users.
CWE-79 Apr 27, 2017
CVE-2017-3008 6.1 MEDIUM EPSS 0.00
Adobe ColdFusion - XSS
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.
CWE-79 Apr 27, 2017
CVE-2017-3161 6.1 MEDIUM EPSS 0.06
Apache Hadoop < 2.6.5 - XSS
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CWE-79 Apr 26, 2017
CVE-2017-1170 5.3 MEDIUM EPSS 0.00
IBM WebSphere Commerce <8.0 - Privilege Escalation
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
Apr 26, 2017
CVE-2016-8962 5.9 MEDIUM EPSS 0.00
IBM BigFix Inventory 9.2 - Info Disclosure
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
CWE-255 Apr 26, 2017
CVE-2016-8924 5.6 MEDIUM EPSS 0.00
IBM Maximo Asset Management <7.6 - Session Hijacking
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
CWE-79 Apr 26, 2017
CVE-2017-8219 6.5 MEDIUM EPSS 0.00
TP-Link C2 Firmware - Improper Input Validation
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
CWE-20 Apr 25, 2017
CVE-2017-8217 5.3 MEDIUM EPSS 0.00
TP-Link C2 Firmware - Missing Authorization
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
CWE-862 Apr 25, 2017