CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,640 CVEs tracked 53,321 with exploits 4,733 exploited in wild 1,543 CISA KEV 3,938 Nuclei templates 49,006 vendors 42,664 researchers
111,112 results Clear all
CVE-2016-0307 4.3 MEDIUM EPSS 0.00
IBM Connections <5.5 - Info Disclosure
IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.
CWE-200 Feb 08, 2017
CVE-2016-0305 5.4 MEDIUM EPSS 0.00
IBM Connections - XSS
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CWE-79 Feb 08, 2017
CVE-2016-0210 5.3 MEDIUM EPSS 0.00
IBM Sterling B2B Integrator - Info Disclosure
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response.
CWE-200 Feb 08, 2017
CVE-2016-0203 5.5 MEDIUM EPSS 0.00
IBM Cloud Orchestrator - Info Disclosure
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
CWE-200 Feb 08, 2017
CVE-2015-7493 4.7 MEDIUM EPSS 0.00
IBM InfoSphere Information Server - Code Injection
IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.
CWE-200 Feb 08, 2017
CVE-2015-7418 4.4 MEDIUM EPSS 0.00
IBM WebSphere - Info Disclosure
IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.
CWE-200 Feb 08, 2017
CVE-2015-1976 5.5 MEDIUM EPSS 0.00
IBM Security Directory Server < 6.3.1.15 - Improper Access Control
IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.
CWE-284 Feb 08, 2017
CVE-2017-1128 5.4 MEDIUM EPSS 0.00
IBM Rational DOORS Next Generation <6.0 - XSS
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE-79 Feb 08, 2017
CVE-2017-1127 5.4 MEDIUM EPSS 0.00
IBM Rational DOORS Next Generation <6.0 - XSS
IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE-79 Feb 08, 2017
CVE-2016-9748 4.3 MEDIUM EPSS 0.00
IBM Rational Doors Next Generation - Information Disclosure
IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.
CWE-200 Feb 08, 2017
CVE-2016-6032 5.4 MEDIUM EPSS 0.00
IBM Rational Team Concert <6.0 - XSS
IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CWE-79 Feb 08, 2017
CVE-2016-2866 4.3 MEDIUM EPSS 0.00
IBM Rational Collaborative Lifecycle ... - Information Disclosure
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
CWE-200 Feb 08, 2017
CVE-2015-5013 5.5 MEDIUM EPSS 0.00
IBM Security Access Manager For Web 8... - Insufficiently Protected Credentials
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
CWE-522 Feb 08, 2017
CVE-2017-5933 5.9 MEDIUM 1 Writeup EPSS 0.01
Citrix Netscaler Application Delivery... - Information Disclosure
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
CWE-200 Feb 08, 2017
CVE-2016-8492 5.9 MEDIUM EPSS 0.00
Fortinet FortiGate - Info Disclosure
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
CWE-200 Feb 08, 2017
CVE-2016-10213 5.9 MEDIUM 1 Writeup EPSS 0.00
A10networks Advanced Core Operating System - Information Disclosure
A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
CWE-200 Feb 08, 2017
CVE-2016-10212 5.9 MEDIUM 1 Writeup EPSS 0.01
Radware Alteon < 30.0.5.10 - Information Disclosure
Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a "forbidden attack," a similar issue to CVE-2016-0270. NOTE: this issue may be due to the use of a third-party Cavium product.
CWE-200 Feb 08, 2017
CVE-2016-0270 5.9 MEDIUM 1 Writeup EPSS 0.01
IBM Domino 9.0.1 FP3-5 IF1 - Auth Bypass
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
CWE-200 Feb 08, 2017
CVE-2017-0451 4.7 MEDIUM 1 PoC Analysis EPSS 0.00
Google Android < 7.1.1 - Information Disclosure
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.
CWE-200 Feb 08, 2017
CVE-2017-0448 5.5 MEDIUM EPSS 0.00
Google Android < 7.1.1 - Information Disclosure
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448.
CWE-200 Feb 08, 2017

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

CVE-2026-24289: Windows Kernel IOCP Race Condition - The Ghost We Proved by Salting the Circle
Mar 16, 2026
Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2025-47813
Wftpserver Wing FTP Server < 7.4.4 - Error Information Exposure
 CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload