CVE & Exploit Intelligence Database

Updated 10m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,896 CVEs tracked 53,334 with exploits 4,742 exploited in wild 1,545 CISA KEV 3,939 Nuclei templates 49,053 vendors 42,729 researchers
111,280 results Clear all
CVE-2017-7274 5.5 MEDIUM 1 Writeup EPSS 0.00
radare2 <1.3.0 - DoS
The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PE file.
CWE-476 Mar 27, 2017
CVE-2017-7273 6.6 MEDIUM 1 Writeup EPSS 0.00
Linux kernel <4.9.4 - DoS
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
Mar 27, 2017
CVE-2017-7271 6.1 MEDIUM 1 Writeup EPSS 0.00
Yii Framework <2.0.11 - XSS
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
CWE-79 Mar 27, 2017
CVE-2017-6464 6.5 MEDIUM EPSS 0.02
Ntp - Improper Input Validation
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
CWE-20 Mar 27, 2017
CVE-2017-6463 6.5 MEDIUM EPSS 0.03
Ntp - Improper Input Validation
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
CWE-20 Mar 27, 2017
CVE-2017-6459 5.5 MEDIUM EPSS 0.00
Ntp - Memory Corruption
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
CWE-119 Mar 27, 2017
CVE-2015-8762 5.9 MEDIUM EPSS 0.00
Freeradius - NULL Pointer Dereference
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
CWE-476 Mar 27, 2017
CVE-2015-8010 6.1 MEDIUM EPSS 0.00
Icinga <1.14 - XSS
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
CWE-79 Mar 27, 2017
CVE-2017-6878 5.4 MEDIUM EPSS 0.00
MetInfo 5.3.15 - XSS
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.
CWE-79 Mar 27, 2017
CVE-2017-5973 5.5 MEDIUM EPSS 0.00
Qemu < 2.8.1.1 - Infinite Loop
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CWE-835 Mar 27, 2017
CVE-2016-9922 5.5 MEDIUM EPSS 0.00
Qemu < 2.7.1 - Divide By Zero
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
CWE-369 Mar 27, 2017
CVE-2016-7474 5.5 MEDIUM EPSS 0.00
F5 Big-ip Local Traffic Manager - Information Disclosure
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
CWE-200 Mar 27, 2017
CVE-2015-8310 5.4 MEDIUM EPSS 0.00
Cherry Music <0.36.0 - XSS
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
CWE-79 Mar 27, 2017
CVE-2015-8309 4.3 MEDIUM 1 PoC Analysis EPSS 0.07
Cherry Music <0.36.0 - Path Traversal
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
CWE-22 Mar 27, 2017
CVE-2017-6067 6.1 MEDIUM EPSS 0.00
Symphony - XSS
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
CWE-79 Mar 27, 2017
CVE-2017-6003 6.1 MEDIUM EPSS 0.00
Dotcms - XSS
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
CWE-79 Mar 27, 2017
CVE-2017-5622 5.9 MEDIUM EPSS 0.00
Oneplus Oxygenos < 4.0.2 - Incorrect Default Permissions
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.
CWE-276 Mar 26, 2017
CVE-2017-2645 6.1 MEDIUM EPSS 0.00
Moodle < 3.1.5 - XSS
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CWE-79 Mar 26, 2017
CVE-2017-2644 6.1 MEDIUM EPSS 0.00
Moodle < 3.2.2 - XSS
In Moodle 3.x, XSS can occur via evidence of prior learning.
CWE-79 Mar 26, 2017
CVE-2017-2643 5.3 MEDIUM EPSS 0.01
Moodle < 3.2.2 - Information Disclosure
In Moodle 3.2.x, global search displays user names for unauthenticated users.
CWE-200 Mar 26, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass