CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,076 CVEs tracked; 53,339 with exploits; 4,745 exploited in the wild; 1,546 in CISA KEV; 3,941 Nuclei templates; 49,076 vendors; 42,752 researchers
CVE-2017-7940 5.5 MEDIUM EPSS 0.00
Entropymine Imageworsener - Denial of Service
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
CWE-400 Apr 18, 2017
CVE-2017-7939 5.5 MEDIUM EPSS 0.00
Entropymine Imageworsener - Out-of-Bounds Read
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
CWE-125 Apr 18, 2017
CVE-2017-7897 6.1 MEDIUM 1 Writeup EPSS 0.00
Mantisbt < 2.3.2 - XSS
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CWE-79 Apr 18, 2017
CVE-2017-5653 5.3 MEDIUM EPSS 0.03
Apache Cxf < 3.0.13 - Improper Certificate Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CWE-295 Apr 18, 2017
CVE-2017-7896 6.1 MEDIUM EPSS 0.53
Trendmicro Interscan Messaging Security Virtual Appliance < 9.1 - XSS
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CWE-79 Apr 18, 2017
CVE-2017-1160 5.4 MEDIUM EPSS 0.00
IBM Financial Transaction Manager - XSS
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122892.
CWE-79 Apr 17, 2017
CVE-2016-3038 5.4 MEDIUM EPSS 0.00
IBM Cognos Business Intelligence - XSS
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614.
CWE-79 Apr 17, 2017
CVE-2016-3037 5.7 MEDIUM EPSS 0.00
IBM Cognos Business Intelligence - Information Disclosure
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM X-Force ID: 114613.
CWE-200 Apr 17, 2017
CVE-2016-0228 5.4 MEDIUM EPSS 0.00
IBM Marketing Platform 10.0 - Open Redirect
IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.
CWE-601 Apr 17, 2017
CVE-2015-8256 6.1 MEDIUM 1 PoC Analysis EPSS 0.07
Axis Network Cameras - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
CWE-79 Apr 17, 2017
CVE-2016-4873 4.3 MEDIUM EPSS 0.00
Cybozu Office 9.0.0-10.4.0 - RCE
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CWE-275 Apr 17, 2017
CVE-2016-4872 4.3 MEDIUM EPSS 0.00
Cybozu Office - Information Disclosure
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CWE-200 Apr 17, 2017
CVE-2016-4871 6.5 MEDIUM EPSS 0.02
Cybozu Office - Resource Management Error
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
CWE-399 Apr 17, 2017
CVE-2016-4870 5.4 MEDIUM EPSS 0.00
Cybozu Office - XSS
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CWE-79 Apr 17, 2017
CVE-2016-4869 6.5 MEDIUM EPSS 0.01
Cybozu Office - Information Disclosure
Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to obtain session information via a page where CGI environment variables are displayed.
CWE-200 Apr 17, 2017
CVE-2016-4868 4.3 MEDIUM EPSS 0.01
Cybozu Office - Improper Input Validation
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CWE-20 Apr 17, 2017
CVE-2016-4867 4.3 MEDIUM EPSS 0.00
Cybozu Office - Information Disclosure
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
CWE-200 Apr 17, 2017
CVE-2016-4866 4.8 MEDIUM EPSS 0.00
Cybozu Office - XSS
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
CWE-79 Apr 17, 2017
CVE-2016-4865 4.8 MEDIUM EPSS 0.00
Cybozu Office - XSS
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
CWE-79 Apr 17, 2017
CVE-2017-7891 6.1 MEDIUM EPSS 0.00
Sourcebans-pp - XSS
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
CWE-79 Apr 17, 2017