CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,263 CVEs tracked; 53,300 with exploits; 4,731 exploited in wild; 1,542 CISA KEV; 3,930 Nuclei templates; 48,906 vendors; 42,593 researchers
110,849 results
CVE-2016-0925 5.4 MEDIUM EPSS 0.00
EMC RSA Adaptive Authentication - XSS
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Sep 21, 2016
CVE-2016-0921 6.5 MEDIUM EPSS 0.00
EMC Avamar Server <7.3.0-233 - Privilege Escalation
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
CWE-264 Sep 21, 2016
CVE-2016-0905 6.7 MEDIUM EPSS 0.00
EMC Avamar Server <7.3.0-233 - Privilege Escalation
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
CWE-264 Sep 21, 2016
CVE-2015-8934 5.5 MEDIUM EPSS 0.01
Suse Linux Enterprise Desktop < 3.1.901a - Out-of-Bounds Read
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
CWE-125 Sep 20, 2016
CVE-2015-8933 5.5 MEDIUM EPSS 0.00
Libarchive < 3.1.901a - Integer Overflow
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
CWE-190 Sep 20, 2016
CVE-2015-8932 5.5 MEDIUM EPSS 0.01
Canonical Ubuntu Linux < 3.1.901a - Improper Input Validation
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CWE-20 Sep 20, 2016
CVE-2015-8929 5.5 MEDIUM EPSS 0.00
Suse Linux Enterprise Desktop < 3.1.901a - Memory Corruption
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CWE-119 Sep 20, 2016
CVE-2015-8928 5.5 MEDIUM EPSS 0.00
Canonical Ubuntu Linux < 3.1.901a - Out-of-Bounds Read
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CWE-125 Sep 20, 2016
CVE-2015-8927 5.5 MEDIUM EPSS 0.00
Libarchive < 3.1.901a - Out-of-Bounds Read
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
CWE-125 Sep 20, 2016
CVE-2015-8926 5.5 MEDIUM EPSS 0.00
Canonical Ubuntu Linux < 3.1.901a - NULL Pointer Dereference
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CWE-476 Sep 20, 2016
CVE-2015-8925 5.5 MEDIUM EPSS 0.01
Canonical Ubuntu Linux < 3.1.901a - Out-of-Bounds Read
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CWE-125 Sep 20, 2016
CVE-2015-8924 5.5 MEDIUM EPSS 0.00
Libarchive < 3.1.901a - Out-of-Bounds Read
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CWE-125 Sep 20, 2016
CVE-2015-8923 6.5 MEDIUM EPSS 0.03
Libarchive < 3.1.901a - Improper Input Validation
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CWE-20 Sep 20, 2016
CVE-2015-8922 5.5 MEDIUM EPSS 0.00
Libarchive < 3.1.901a - NULL Pointer Dereference
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
CWE-476 Sep 20, 2016
CVE-2015-8920 5.5 MEDIUM EPSS 0.01
Novell Suse Linux Enterprise Software... - Out-of-Bounds Read
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
CWE-125 Sep 20, 2016
CVE-2015-8916 6.5 MEDIUM EPSS 0.01
Canonical Ubuntu Linux < 3.1.901a - NULL Pointer Dereference
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CWE-476 Sep 20, 2016
CVE-2015-8915 5.5 MEDIUM EPSS 0.00
Libarchive < 3.1.901a - Out-of-Bounds Read
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.
CWE-125 Sep 20, 2016
CVE-2016-0870 5.3 MEDIUM EPSS 0.01
Trane Tracer SC <4.2.1134 - Info Disclosure
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.
CWE-200 Sep 19, 2016
CVE-2016-6405 6.5 MEDIUM EPSS 0.00
Cisco Fog Director 1.0(0) - Auth Bypass
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.
CWE-20 Sep 18, 2016
CVE-2016-6404 6.1 MEDIUM EPSS 0.00
Cisco IOx Local Manager - XSS
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.
CWE-79 Sep 18, 2016