CVE & Exploit Intelligence Database

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,831 CVEs tracked 53,332 with exploits 4,739 exploited in wild 1,545 CISA KEV 3,939 Nuclei templates 49,039 vendors 42,720 researchers
111,250 results Clear all
CVE-2017-6905 6.1 MEDIUM 1 Writeup EPSS 0.00
Concrete5 <= 5.6.3.4 - XSS
An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/tools/files/search_dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CWE-79 Mar 15, 2017
CVE-2017-3899 6.5 MEDIUM EPSS 0.01
Intel Security ATD <3.6.0 - SQL Injection
SQL injection vulnerability in Intel Security Advanced Threat Defense (ATD) Linux 3.6.0 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
CWE-89 Mar 14, 2017
CVE-2016-8025 6.2 MEDIUM 1 PoC Analysis EPSS 0.02
Intel Security VSEL <2.0.3 - Info Disclosure
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
CWE-89 Mar 14, 2017
CVE-2016-8021 5.0 MEDIUM 1 PoC Analysis EPSS 0.03
Intel Security VirusScan Enterprise Linux <2.0.3 - RCE
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
CWE-347 Mar 14, 2017
CVE-2016-8019 6.1 MEDIUM 1 PoC Analysis EPSS 0.01
Intel Security VSEL <2.0.3 - XSS
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
CWE-79 Mar 14, 2017
CVE-2016-8018 4.3 MEDIUM 1 PoC Analysis EPSS 0.00
Intel Security VSEL <2.0.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
CWE-352 Mar 14, 2017
CVE-2016-8017 4.1 MEDIUM 1 PoC Analysis EPSS 0.14
Intel Security VSEL <2.0.3 - Code Injection
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
CWE-20 Mar 14, 2017
CVE-2016-8011 6.1 MEDIUM EPSS 0.00
Intel Security McAfee ENS Web Control <10.2.0.408.10 - XSS
Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site.
CWE-79 Mar 14, 2017
CVE-2016-8007 6.3 MEDIUM 1 PoC Analysis EPSS 0.00
McAfee HIPS <8.0.7 - Auth Bypass
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions.
CWE-284 Mar 14, 2017
CVE-2016-8005 6.5 MEDIUM EPSS 0.00
Intel Security McAfee Email Gateway <7.6.404h1128596 - Info Disclosure
File extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) before 7.6.404h1128596 allows attackers to fail to identify the file name properly via scanning an email with a forged attached filename that uses a null byte within the filename extension.
CWE-264 Mar 14, 2017
CVE-2015-8987 5.3 MEDIUM EPSS 0.00
Mcafee Agent < 4.8.0 - Improper Access Control
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
CWE-284 Mar 14, 2017
CVE-2015-8986 5.5 MEDIUM EPSS 0.00
Mcafee Advanced Threat Defense < 3.4.2.32 - Security Feature Bypass
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware.
CWE-254 Mar 14, 2017
CVE-2014-9920 5.9 MEDIUM EPSS 0.00
Mcafee Application Control - Improper Access Control
Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances.
CWE-284 Mar 14, 2017
CVE-2013-7461 5.5 MEDIUM EPSS 0.00
McAfee MCC <6.1.0 - Privilege Escalation
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions.
CWE-284 Mar 14, 2017
CVE-2013-7460 5.5 MEDIUM EPSS 0.00
McAfee MAC <6.1.0 - Privilege Escalation
A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions.
CWE-284 Mar 14, 2017
CVE-2017-6516 6.7 MEDIUM 3 PoCs Analysis EPSS 0.21
MagniComp SysInfo mcsiwrapper Privilege Escalation
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
CWE-20 Mar 14, 2017
CVE-2017-3000 6.5 MEDIUM 1 PoC Analysis EPSS 0.17
Adobe Flash Player < 24.0.0.221 - Information Disclosure
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
Mar 14, 2017
CVE-2017-6335 5.5 MEDIUM EPSS 0.00
Graphicsmagick < 1.3.25 - Out-of-Bounds Read
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
CWE-125 Mar 14, 2017
CVE-2017-5957 5.5 MEDIUM EPSS 0.00
Virglrenderer < 0.6.0 - Out-of-Bounds Write
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
CWE-787 Mar 14, 2017
CVE-2016-10172 5.5 MEDIUM EPSS 0.00
Wavpack < 5.0.0 - Out-of-Bounds Read
The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CWE-125 Mar 14, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-20963
Microsoft Office SharePoint - Code Injection
 CVE-2025-66376
Zimbra Collaboration <10.0.18, <10.1.13 - XSS
 CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass