CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,283 with exploits | 4,731 exploited in wild | 1,542 CISA KEV | 3,930 Nuclei templates | 37,826 vendors | 42,577 researchers
110,849 results
CVE-2016-2775 5.9 MEDIUM EPSS 0.32
Hp-ux < 9.9.8 - Improper Input Validation
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CWE-20 Jul 19, 2016
CVE-2016-1459 5.3 MEDIUM EPSS 0.01
Cisco IOS <15.6 - DoS
Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.
CWE-399 Jul 17, 2016
CVE-2016-0393 5.3 MEDIUM EPSS 0.00
IBM Maximo Asset Management <7.5.0.10-TIV-MBS-IFIX002, <7.6.0.5-TIV...
IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.
CWE-200 Jul 17, 2016
CVE-2016-0321 6.2 MEDIUM EPSS 0.00
IBM Personal Communications <6.0.17-12.0.0.1 - Info Disclosure
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
CWE-200 Jul 17, 2016
CVE-2016-5660 6.1 MEDIUM EPSS 0.03
Accela Civic Platform - XSS
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.
CWE-79 Jul 15, 2016
CVE-2016-2865 6.5 MEDIUM EPSS 0.00
IBM Rational Team Concert - Information Disclosure
The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.
CWE-200 Jul 15, 2016
CVE-2016-0357 4.3 MEDIUM EPSS 0.00
IBM Security Identity Manager (ISIM) Virtual Appliance <7.0.1.1 - CSRF
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.
CWE-284 Jul 15, 2016
CVE-2016-0339 5.6 MEDIUM EPSS 0.00
IBM Security Identity Manager (ISIM) Virtual Appliance <7.0.1.1 - I...
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."
CWE-284 Jul 15, 2016
CVE-2016-0338 6.2 MEDIUM EPSS 0.00
IBM Security Identity Manager Virtual Appliance <7.0.1.1 - Info Dis...
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.
CWE-200 Jul 15, 2016
CVE-2016-0269 5.4 MEDIUM EPSS 0.00
IBM BigFix Platform <9.1.8, <9.2.7 - XSS
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Jul 15, 2016
CVE-2016-5797 5.3 MEDIUM EPSS 0.00
Tollgrade LightHouse SMS <5.1-3 - Info Disclosure
Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.
CWE-200 Jul 15, 2016
CVE-2016-5787 6.3 MEDIUM EPSS 0.00
General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY <8.2 SIM...
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
CWE-668 Jul 15, 2016
CVE-2016-1452 6.5 MEDIUM EPSS 0.00
Cisco ASR 5000 <20.0.0 - Privilege Escalation
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
CWE-254 Jul 15, 2016
CVE-2016-1451 6.1 MEDIUM EPSS 0.00
Cisco Meeting Server <1.9 - XSS
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.
CWE-79 Jul 15, 2016
CVE-2016-1449 6.1 MEDIUM EPSS 0.00
Cisco WebEx Meetings Server 2.6 - XSS
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
CWE-79 Jul 15, 2016
CVE-2016-1447 6.1 MEDIUM EPSS 0.00
Cisco WebEx Meetings Server 2.6 - XSS
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
CWE-79 Jul 15, 2016
CVE-2016-5109 4.3 MEDIUM EPSS 0.00
Citrix Xenmobile Mdx Toolkit - Improper Access Control
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.
CWE-284 Jul 13, 2016
CVE-2016-5092 4.9 MEDIUM EPSS 0.00
Fortinet Fortiweb < 5.5.2 - Path Traversal
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
CWE-22 Jul 13, 2016
CVE-2015-8808 5.5 MEDIUM EPSS 0.00
Graphicsmagick < 1.3.17 - Memory Corruption
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
CWE-119 Jul 13, 2016
CVE-2016-4247 5.3 MEDIUM EPSS 0.01
Adobe Flash Player <22.0.0.209 - Info Disclosure
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
CWE-362 Jul 13, 2016