CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,076 CVEs tracked; 53,339 with exploits; 4,745 exploited in wild; 1,546 CISA KEV; 3,941 Nuclei templates; 49,076 vendors; 42,752 researchers
111,366 results
CVE-2016-1220 4.3 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - Info Disclosure
Cybozu Garoon before 4.2.2 does not properly restrict access.
CWE-284 Apr 20, 2017
CVE-2016-1217 6.1 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CWE-79 Apr 20, 2017
CVE-2016-1216 6.1 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CWE-79 Apr 20, 2017
CVE-2016-1215 6.1 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CWE-79 Apr 20, 2017
CVE-2016-1214 6.1 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CWE-79 Apr 20, 2017
CVE-2016-1213 6.1 MEDIUM EPSS 0.00
Cybozu Garoon <4.2.2 - SSRF
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CWE-601 Apr 20, 2017
CVE-2015-8959 6.5 MEDIUM EPSS 0.02
ImageMagick < 6.9.0-3 - Resource Management Error
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CWE-399 Apr 20, 2017
CVE-2015-8958 6.5 MEDIUM EPSS 0.01
ImageMagick < 6.9.0-3 - Out-of-Bounds Read
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CWE-125 Apr 20, 2017
CVE-2015-8957 6.5 MEDIUM EPSS 0.01
ImageMagick < 6.9.0-3 - Memory Corruption
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CWE-119 Apr 20, 2017
CVE-2017-7718 5.5 MEDIUM EPSS 0.00
QEMU - DoS
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
CWE-125 Apr 20, 2017
CVE-2016-6347 6.1 MEDIUM EPSS 0.00
RESTEasy - XSS
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 20, 2017
CVE-2016-6341 5.5 MEDIUM EPSS 0.00
oVirt Engine <4.0.3 - Info Disclosure
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
CWE-200 Apr 20, 2017
CVE-2016-6338 6.8 MEDIUM EPSS 0.00
ovirt-engine-webadmin - Privilege Escalation
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries.
CWE-284 Apr 20, 2017
CVE-2016-6336 6.5 MEDIUM EPSS 0.00
MediaWiki <1.23.15, <1.26.x-1.26.4, <1.27.x-1.27.1 - Auth Bypass
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
CWE-284 Apr 20, 2017
CVE-2016-6334 6.1 MEDIUM EPSS 0.00
MediaWiki <1.23.15, <1.26.x-<1.26.4, <1.27.x-<1.27.1 - XSS
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.
CWE-79 Apr 20, 2017
CVE-2016-6333 6.1 MEDIUM EPSS 0.00
MediaWiki <1.23.15, <1.26.x-<1.26.4, <1.27.x-<1.27.1 - XSS
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.
CWE-79 Apr 20, 2017
CVE-2016-5761 6.1 MEDIUM EPSS 0.00
Novell GroupWise <2014 R2 SP1 HP1 - XSS
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.
CWE-79 Apr 20, 2017
CVE-2016-5760 6.1 MEDIUM EPSS 0.00
Novell GroupWise <2014 R2 SP1 HP1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.
CWE-79 Apr 20, 2017
CVE-2016-4849 6.1 MEDIUM EPSS 0.01
Geeklog - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml.
CWE-79 Apr 20, 2017
CVE-2016-4847 6.1 MEDIUM EPSS 0.01
OSSEC Web UI < 0.8 - XSS
Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex.
CWE-79 Apr 20, 2017