CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,281 with exploits; 4,731 exploited in wild; 1,542 CISA KEV; 3,929 Nuclei templates; 37,826 vendors; 42,573 researchers
110,849 results
CVE-2016-4821 5.3 MEDIUM EPSS 0.01
I-O DATA ETX-R Firmware - Denial of Service
I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors.
Jun 19, 2016
CVE-2016-4816 6.5 MEDIUM EPSS 0.00
Buffalo WZR-600DHP3 Firmware < 2.16 - Information Disclosure
BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.
CWE-200 Jun 19, 2016
CVE-2016-1424 6.5 MEDIUM EPSS 0.00
Cisco IOS <15.2(2)TST - DoS
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.
CWE-119 Jun 19, 2016
CVE-2016-1397 6.5 MEDIUM EPSS 0.01
Cisco - Buffer Overflow
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523.
CWE-119 Jun 19, 2016
CVE-2016-1396 6.1 MEDIUM EPSS 0.00
Cisco - XSS
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
CWE-79 Jun 19, 2016
CVE-2016-1224 6.1 MEDIUM EPSS 0.00
Trend Micro Worry-Free - XSS
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
CWE-79 Jun 19, 2016
CVE-2016-1223 5.3 MEDIUM EPSS 0.02
Trend Micro Office Scan <11.0 - Path Traversal
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.
CWE-22 Jun 19, 2016
CVE-2016-1432 6.5 MEDIUM EPSS 0.00
Cisco IOS XE <3.15S/3.16S - DoS
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.
CWE-399 Jun 18, 2016
CVE-2016-1431 6.1 MEDIUM EPSS 0.00
Cisco Firepower Management Center <5.4.0 - XSS
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
CWE-79 Jun 18, 2016
CVE-2016-5433 6.1 MEDIUM EPSS 0.00
Citrix iOS Receiver < 6.1.5 - Improper Input Validation
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.
CWE-310 Jun 17, 2016
CVE-2016-3687 5.3 MEDIUM EPSS 0.00
F5 BIG-IP APM <11.6.0 HF6 - Open Redirect
Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in the SSO_ORIG_URI parameter.
Jun 16, 2016
CVE-2016-2841 6.0 MEDIUM EPSS 0.00
QEMU < 2.5.0 - Improper Input Validation
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
CWE-20 Jun 16, 2016
CVE-2016-2392 6.5 MEDIUM EPSS 0.00
QEMU - Denial of Service
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
Jun 16, 2016
CVE-2016-2391 5.0 MEDIUM EPSS 0.00
QEMU < 2.5.1.1 - NULL Pointer Dereference
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.
CWE-476 Jun 16, 2016
CVE-2012-6702 5.9 MEDIUM 1 PoC Analysis EPSS 0.01
Libexpat < 2.2.0 - Cryptographic Issue
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CWE-310 Jun 16, 2016
CVE-2016-4164 6.1 MEDIUM EPSS 0.01
Adobe Brackets <1.7 - XSS
Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jun 16, 2016
CVE-2016-4159 6.1 MEDIUM EPSS 0.01
Adobe ColdFusion <10-Update 20, 11-Update 9, 2016-Update 2 - XSS
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jun 16, 2016
CVE-2016-3234 5.5 MEDIUM EPSS 0.27
Microsoft Office - Information Disclosure
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
CWE-200 Jun 16, 2016
CVE-2016-3232 5.0 MEDIUM EPSS 0.17
Microsoft Windows Server 2012 - Information Disclosure
The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
CWE-200 Jun 16, 2016
CVE-2016-3230 5.0 MEDIUM EPSS 0.01
Microsoft Windows 10 - Improper Input Validation
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
CWE-20 Jun 16, 2016