CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers
110,849 results
CVE-2016-3973 5.3 MEDIUM EPSS 0.01
SAP NetWeaver Java AS <7.5 - Info Disclosure
The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990.
CWE-200 Apr 07, 2016
CVE-2016-2858 6.5 MEDIUM EPSS 0.00
Qemu < 2.5.1.1 - Denial of Service
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CWE-331 Apr 07, 2016
CVE-2016-0734 6.1 MEDIUM EPSS 0.03
Apache ActiveMQ <5.13.2 - CSRF
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
CWE-254 Apr 07, 2016
CVE-2015-8305 5.5 MEDIUM EPSS 0.00
Huawei Sophia-L10 <P7-L10C900B852 - DoS
Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege.
CWE-20 Apr 07, 2016
CVE-2016-1563 6.8 MEDIUM EPSS 0.00
NetApp Clustered Data ONTAP 8.3.1 - Info Disclosure
NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-20 Apr 07, 2016
CVE-2016-2292 6.5 MEDIUM EPSS 0.02
Schneider-electric Proface Gp-pro EX Ex-ed - Out-of-Bounds Write
Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute arbitrary code via unspecified vectors.
CWE-787 Apr 06, 2016
CVE-2016-2291 6.5 MEDIUM EPSS 0.01
Schneider-electric Proface Gp-pro EX Ex-ed - Out-of-Bounds Read
Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
CWE-125 Apr 06, 2016
CVE-2016-2277 6.3 MEDIUM EPSS 0.00
Rockwellautomation Integrated Archite... - Improper Access Control
IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file.
CWE-284 Apr 06, 2016
CVE-2016-1346 5.9 MEDIUM EPSS 0.01
Cisco TelePresence Server <4.2(4.18) - DoS
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
CWE-399 Apr 06, 2016
CVE-2016-1173 6.1 MEDIUM EPSS 0.00
Menubook <0.9.3 - XSS
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 06, 2016
CVE-2016-1171 6.1 MEDIUM EPSS 0.00
baserCMS <0.9.3 - XSS
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 06, 2016
CVE-2016-1169 6.1 MEDIUM EPSS 0.00
baserCMS <0.9.4 - XSS
Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 06, 2016
CVE-2016-3969 6.1 MEDIUM EPSS 0.00
McAfee Email Gateway <7.6.404 - XSS
Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.
CWE-79 Apr 06, 2016
CVE-2016-3968 6.1 MEDIUM EPSS 0.00
Sophos Cyberoam CR100iNG UTM <10.6.3 MR-1 build 503 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
CWE-79 Apr 06, 2016
CVE-2016-3118 6.5 MEDIUM EPSS 0.00
CA API Gateway <7.1.04-8.3.01-8.4 - CRLF Injection
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
Apr 06, 2016
CVE-2016-1177 6.1 MEDIUM EPSS 0.00
Falcon WisePoint <4.3.1 - CSRF
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CWE-254 Apr 05, 2016
CVE-2016-1789 5.5 MEDIUM EPSS 0.01
Apple iBooks Author <2.4.1 - Info Disclosure
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Apr 05, 2016
CVE-2016-1176 6.3 MEDIUM EPSS 0.01
Sharp EVA Animeter - Buffer Overflow
Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.
CWE-119 Apr 05, 2016
CVE-2016-1175 4.3 MEDIUM EPSS 0.00
AQUOS Photo Player HN-PP150 <1.03.01.04 - CSRF
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users.
CWE-352 Apr 05, 2016
CVE-2016-0289 4.3 MEDIUM EPSS 0.00
IBM Maximo Asset Mgmt <7.5.0.10, <7.6.0.4 - Auth Bypass
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
CWE-284 Apr 05, 2016