CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,933 CVEs tracked; 53,338 with exploits; 4,743 exploited in wild; 1,546 CISA KEV; 3,941 Nuclei templates; 49,062 vendors; 42,736 researchers
111,303 results
CVE-2014-9829 6.5 MEDIUM EPSS 0.00
ImageMagick - DoS
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
CWE-125 Apr 05, 2017
CVE-2017-6340 5.4 MEDIUM 1 PoC Analysis EPSS 0.00
Trendmicro Interscan Web Security Virtual Appliance < 6.5 - XSS
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that allows any authenticated, remote user (even with low privileges like 'Auditor') to create or modify reports, and consequently take advantage of this XSS vulnerability. The JavaScript is executed when victims visit reports or auditlog pages.
CWE-79 Apr 05, 2017
CVE-2017-6339 6.5 MEDIUM 1 PoC Analysis EPSS 0.03
Trendmicro Interscan Web Security Vir... - Improper Privilege Management
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 mismanages certain key and certificate data. Per IWSVA documentation, by default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. It also allows administrators to upload their own certificates signed by a root CA. An attacker with low privileges can download the current CA certificate and Private Key (either the default ones or ones uploaded by administrators) and use those to decrypt HTTPS traffic, thus compromising confidentiality. Also, the default Private Key on this appliance is encrypted with a very weak passphrase. If an appliance uses the default Certificate and Private Key provided by Trend Micro, an attacker can simply download these and decrypt the Private Key using the default/weak passphrase.
CWE-521 Apr 05, 2017
CVE-2017-6338 6.5 MEDIUM 1 PoC Analysis EPSS 0.01
Trendmicro Interscan Web Security Vir... - Incorrect Permission Assignment
Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption Certificate and Private Key.
CWE-732 Apr 05, 2017
CVE-2017-6975 6.8 MEDIUM EPSS 0.00
Apple iOS <10.3.1 - Buffer Overflow
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.
CWE-119 Apr 05, 2017
CVE-2017-0330 4.7 MEDIUM EPSS 0.00
Linux Kernel - Information Disclosure
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33899858. References: N-CVE-2017-0330.
CWE-200 Apr 05, 2017
CVE-2017-0328 4.7 MEDIUM EPSS 0.00
Linux Kernel - Information Disclosure
An information disclosure vulnerability in the NVIDIA crypto driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33898322. References: N-CVE-2017-0328.
CWE-200 Apr 05, 2017
CVE-2017-2671 5.5 MEDIUM 2 PoCs Analysis EPSS 0.00
Linux Kernel < 4.10.8 - Denial of Service
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
Apr 05, 2017
CVE-2017-7418 5.5 MEDIUM 1 Writeup EPSS 0.00
ProFTPD <1.3.5e, <1.3.6rc5 - Privilege Escalation
ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.
CWE-59 Apr 04, 2017
CVE-2017-7234 6.1 MEDIUM EPSS 0.00
Django <1.10.7, <1.9.13, <1.8.18 - Open Redirect
A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.
CWE-601 Apr 04, 2017
CVE-2017-7233 6.1 MEDIUM EPSS 0.01
Django <1.10.7, <1.9.13, <1.8.18 - Open Redirect
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
CWE-601 Apr 04, 2017
CVE-2017-0360 5.3 MEDIUM EPSS 0.00
Tryton - Improper Privilege Management
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242.
CWE-269 Apr 04, 2017
CVE-2017-7307 6.8 MEDIUM EPSS 0.00
Riverbed RiOS <9.0.1 - Privilege Escalation
Riverbed RiOS before 9.0.1 does not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.
CWE-732 Apr 04, 2017
CVE-2017-7306 6.4 MEDIUM EPSS 0.00
Riverbed RiOS <9.6.0 - Info Disclosure
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs.
CWE-521 Apr 04, 2017
CVE-2017-7305 4.6 MEDIUM EPSS 0.00
Riverbed RiOS <9.6.0 - Info Disclosure
Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs.
CWE-521 Apr 04, 2017
CVE-2017-5670 4.6 MEDIUM EPSS 0.00
Riverbed RiOS < 9.6.0 - Information Disclosure
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.
CWE-200 Apr 04, 2017
CVE-2016-10318 6.5 MEDIUM EPSS 0.01
Linux Kernel < 4.7.3 - Access Control
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
CWE-264 Apr 04, 2017
CVE-2017-7400 4.8 MEDIUM EPSS 0.00
OpenStack Horizon <11.0.0 - XSS
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
CWE-79 Apr 03, 2017
CVE-2017-7383 5.5 MEDIUM EPSS 0.00
PoDoFo <0.9.5 - DoS
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CWE-476 Apr 03, 2017
CVE-2017-7382 5.5 MEDIUM EPSS 0.00
PoDoFo 0.9.5 - DoS
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CWE-476 Apr 03, 2017