CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,325 CVEs tracked 53,302 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,931 Nuclei templates 48,916 vendors 42,598 researchers
110,849 results Clear all
CVE-2016-1000127 6.1 MEDIUM NUCLEI EPSS 0.02
WordPress Plugin Ajax-Random-Post <2.00 - XSS
Reflected XSS in wordpress plugin ajax-random-post v2.00
CWE-79 Oct 10, 2016
CVE-2016-1000126 6.1 MEDIUM NUCLEI EPSS 0.02
WordPress Plugin Admin-Font-Editor <1.8 - XSS
Reflected XSS in wordpress plugin admin-font-editor v1.8
CWE-79 Oct 10, 2016
CVE-2016-8100 5.5 MEDIUM EPSS 0.00
Intel IPP <9.0.4 - Info Disclosure
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
CWE-200 Oct 10, 2016
CVE-2016-7423 4.4 MEDIUM EPSS 0.00
Qemu < 2.7.1 - Denial of Service
The mptsas_process_scsi_io_request function in QEMU (aka Quick Emulator), when built with LSI SAS1068 Host Bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors involving MPTSASRequest objects.
Oct 10, 2016
CVE-2016-7099 5.9 MEDIUM EPSS 0.01
Node.js <4.6.0 - Man-in-the-Middle Attack
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CWE-19 Oct 10, 2016
CVE-2016-5325 6.1 MEDIUM EPSS 0.01
Node.js <6.7.0 - CRLF Injection
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
CWE-113 Oct 10, 2016
CVE-2016-6690 5.5 MEDIUM 1 PoC Analysis EPSS 0.00
Google Android < 7.0 - Improper Access Control
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221.
CWE-284 Oct 10, 2016
CVE-2016-6689 5.5 MEDIUM 1 PoC Analysis EPSS 0.01
Google Android < 7.0 - Information Disclosure
Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
CWE-200 Oct 10, 2016
CVE-2016-6688 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30593080.
CWE-200 Oct 10, 2016
CVE-2016-6687 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30162222.
CWE-200 Oct 10, 2016
CVE-2016-6686 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30163101.
CWE-200 Oct 10, 2016
CVE-2016-6685 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.
CWE-200 Oct 10, 2016
CVE-2016-6684 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Android One devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30148243.
CWE-200 Oct 10, 2016
CVE-2016-6683 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.
CWE-200 Oct 10, 2016
CVE-2016-6682 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152501 and Qualcomm internal bug CR 1049615.
CWE-200 Oct 10, 2016
CVE-2016-6681 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 30152182 and Qualcomm internal bug CR 1049521.
CWE-200 Oct 10, 2016
CVE-2016-6679 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1000913.
CWE-200 Oct 10, 2016
CVE-2016-6678 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434.
CWE-200 Oct 10, 2016
CVE-2016-6677 5.5 MEDIUM EPSS 0.00
Google Android < 7.0 - Information Disclosure
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.
CWE-200 Oct 10, 2016
CVE-2016-5348 5.9 MEDIUM 1 PoC Analysis EPSS 0.10
Google Android - Resource Management Error
The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864.
CWE-399 Oct 10, 2016

Investigate

Critical + Public Exploits Exploited in Wild + PoC High EPSS (>=0.7) + PoC With Nuclei Templates Latest Public Exploits

Ecosystems

Linux Maven Packagist PyPI npm Go ecosystem RubyGems crates.io NuGet Hex SwiftURL GitHub Actions

Reference Indexes

Exploit Database Researchers Vendors CWE Categories

Recent Blog Posts

Six AI Agents, One Security Company: The Paperclip AI Experiment
Mar 16, 2026
CVE-2026-4105: systemd-machined Privilege Escalation - 72 Minutes from Drop to Bypass
Mar 13, 2026
CVE-2026-28391: OpenClaw Command Injection - The Day I Hacked Myself
Mar 09, 2026
Introducing FuzzForge: Autonomous Source-Code Fuzzing - Finding Bugs in nginx in 112 Minutes
Mar 08, 2026
CVE-2025-68670 Part 2: From Crash to RCE - The One That Fought Back (and Lost)
Mar 04, 2026
CVE-2025-68670: Pre-Auth xrdp Overflow - The One Where the Protocol Fought Back
Mar 04, 2026
 View all posts →

CVEForge Labs

CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVE-2021-32824 CRITICAL
Apache Dubbo <2.6.10-2.7.10 - RCE
CVE-2023-42117 CRITICAL
Exim < 4.96.2 - Remote Code Execution
CVE-2024-31866 CRITICAL
Apache Zeppelin <0.11.1 - RCE
CVE-2024-37288 CRITICAL
Elastic Kibana - Insecure Deserialization
CVE-2024-43115 HIGH
Apache DolphinScheduler <3.2.2 - RCE
CVE-2024-45409 CRITICAL
Ruby-SAML <=1.16.0 - Auth Bypass
CVE-2024-56143 HIGH
Strapi < 5.5.2 - IDOR
CVE-2025-10622 HIGH
Red Hat Satellite - Command Injection
CVE-2025-11539 CRITICAL
Grafana Image Renderer - RCE
 View all labs →

KEV Gaps

CVE-2026-3910
Google Chrome <146.0.7680.75 - RCE
 CVE-2026-3909
Google Chrome < 146.0.7680.75 - Out-of-Bounds Access
 CVE-2026-1603
Ivanti Endpoint Manager < 2024 - Authentication Bypass
 CVE-2023-43000
macOS Ventura <13.5-iPadOS <16.6-Safari <16.6 - Use After Free
 CVE-2021-30952
tvOS <15.2 - RCE
 CVE-2021-22681
Rockwell Automation Studio 5000 <21 - Path Traversal
 CVE-2026-22719
VMware Aria Operations - Command Injection
 CVE-2026-25108
FileZen - Command Injection
 CVE-2026-22769
Dell RecoverPoint <6.0.3.1 HF1 - Auth Bypass
 CVE-2021-22175
Gitlab < 13.6.7 - SSRF
 CVE-2024-7694
Teamt5 Threatsonar Anti-ransomware < 3.5.0 - Unrestricted File Upload
 CVE-2020-7796
Zimbra Collaboration Suite <8.8.15 Patch 7 - SSRF