CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,864 CVEs tracked 53,333 with exploits 4,742 exploited in wild 1,545 CISA KEV 3,939 Nuclei templates 49,042 vendors 42,726 researchers
111,268 results Clear all
CVE-2017-6832 5.5 MEDIUM EPSS 0.05
Audio File Library <0.3.6 - Buffer Overflow
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-119 Mar 20, 2017
CVE-2017-6831 5.5 MEDIUM 2 Writeups EPSS 0.05
Audio File Library <0.3.7 - Buffer Overflow
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-119 Mar 20, 2017
CVE-2017-6830 5.5 MEDIUM EPSS 0.07
Audio File Library <0.3.6 - Buffer Overflow
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-119 Mar 20, 2017
CVE-2017-6829 5.5 MEDIUM 1 Writeup EPSS 0.05
Audio File Library <0.3.6 - DoS
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CWE-125 Mar 20, 2017
CVE-2017-6805 5.3 MEDIUM 1 PoC Analysis EPSS 0.17
MobaXterm Personal Edition 9.4 - Path Traversal
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
CWE-22 Mar 20, 2017
CVE-2017-6356 5.3 MEDIUM EPSS 0.00
Paloaltonetworks Terminal Services Agent - Incorrect Permission Assignment
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.
CWE-732 Mar 20, 2017
CVE-2017-5987 5.5 MEDIUM EPSS 0.00
Qemu < 2.8.1.1 - Infinite Loop
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
CWE-835 Mar 20, 2017
CVE-2017-5956 5.5 MEDIUM EPSS 0.00
Virglrenderer < 0.5.0 - Out-of-Bounds Read
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.
CWE-125 Mar 20, 2017
CVE-2017-1155 4.3 MEDIUM EPSS 0.01
IBM Algorithmics One-Algo Risk App <5.1.0 - Privilege Escalation
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.
CWE-200 Mar 20, 2017
CVE-2017-1146 5.4 MEDIUM EPSS 0.00
IBM Content Navigator <3.0.0 - XSS
IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736.
CWE-79 Mar 20, 2017
CVE-2016-9696 5.4 MEDIUM EPSS 0.00
IBM Rational Rhapsody Design Manager - XSS
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
CWE-79 Mar 20, 2017
CVE-2016-9694 5.4 MEDIUM EPSS 0.00
IBM Rational Rhapsody Design Manager - XSS
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.
CWE-79 Mar 20, 2017
CVE-2016-8973 4.3 MEDIUM EPSS 0.00
IBM Rhapsody DM <6.0 - Privilege Escalation
IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960.
CWE-434 Mar 20, 2017
CVE-2016-2981 6.8 MEDIUM EPSS 0.00
IBM Rational Collaborative Lifecycle ... - Information Disclosure
An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.
CWE-200 Mar 20, 2017
CVE-2016-2406 4.3 MEDIUM EPSS 0.00
Huawei Document Security Management <V100R002C05SPC670 - Info Discl...
The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.
CWE-275 Mar 20, 2017
CVE-2016-10214 6.5 MEDIUM EPSS 0.00
Virglrenderer < 0.5.0 - Resource Management Error
Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.
CWE-399 Mar 20, 2017
CVE-2015-8985 5.9 MEDIUM EPSS 0.00
GNU Glibc < 2.28 - Denial of Service
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CWE-19 Mar 20, 2017
CVE-2015-8984 5.9 MEDIUM EPSS 0.01
GNU Glibc < 2.21 - Out-of-Bounds Read
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
CWE-125 Mar 20, 2017
CVE-2015-1610 5.3 MEDIUM EPSS 0.00
OpenDaylight l2switch - Info Disclosure
hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing."
CWE-264 Mar 20, 2017
CVE-2014-9845 5.5 MEDIUM EPSS 0.00
ImageMagick - DoS
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CWE-119 Mar 20, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass