CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked · 53,219 with exploits · 4,686 exploited in wild · 1,539 CISA KEV · 3,912 Nuclei templates · 37,757 vendors · 42,422 researchers
116 results
CVE-2022-43679 4.2 MEDIUM EPSS 0.00
ownCloud Server <=10.11 - Info Disclosure
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages.
CWE-284 Nov 10, 2022
CVE-2022-31649 7.5 HIGH EPSS 0.00
Owncloud < 10.10.0 - Exposure to Wrong Actor
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
CWE-668 Jun 09, 2022
CVE-2021-35948 5.4 MEDIUM EPSS 0.00
ownCloud Server <10.8.0 - Auth Bypass
Session fixation on password-protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
CWE-384 Sep 07, 2021
CVE-2021-35946 9.8 CRITICAL EPSS 0.00
ownCloud <10.8 - Privilege Escalation
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
CWE-269 Sep 07, 2021
CVE-2021-35949 5.3 MEDIUM EPSS 0.00
ownCloud Server <10.8.0 - Auth Bypass
The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload-only shares and list metadata about the share.
CWE-863 Sep 07, 2021
CVE-2021-35947 5.3 MEDIUM EPSS 0.00
ownCloud <10.8.0 - Info Disclosure
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.
CWE-209 Sep 07, 2021
CVE-2020-36251 3.5 LOW EPSS 0.00
ownCloud Server <10.3.0 - Info Disclosure
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
Feb 19, 2021
CVE-2020-10254 5.9 MEDIUM EPSS 0.00
Owncloud < 10.4.0 - Authentication Bypass
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
CWE-287 Feb 19, 2021
CVE-2020-10252 8.3 HIGH EPSS 0.01
Owncloud < 10.4.0 - SSRF
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
CWE-918 Feb 19, 2021
CVE-2020-28645 9.1 CRITICAL EPSS 0.00
Owncloud < 10.6.0 - Improper Input Validation
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
CWE-20 Feb 09, 2021
CVE-2020-28644 4.3 MEDIUM EPSS 0.00
Owncloud < 10.6.0 - CSRF
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
CWE-352 Feb 09, 2021
CVE-2020-16255 6.1 MEDIUM EPSS 0.00
Owncloud < 10.5 - XSS
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
CWE-79 Jan 15, 2021
CVE-2015-4715 4.9 MEDIUM 1 Writeup EPSS 0.01
ownCloud Server <6.0.8, <7.0.6, <8.0.4 - Info Disclosure
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
CWE-552 Feb 17, 2020
CVE-2014-2052 9.8 CRITICAL EPSS 0.01
Zend Framework <6.0.2 - Info Disclosure
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
CWE-611 Feb 11, 2020
CVE-2014-2050 6.5 MEDIUM EPSS 0.00
ownCloud Server <6.0.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
CWE-352 Jan 23, 2020
CVE-2013-0203 5.4 MEDIUM EPSS 0.00
Owncloud < 4.0.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) the url parameter to apps/bookmarks/ajax/addBookmark.php.
CWE-79 Nov 22, 2019
CVE-2014-2048 9.8 CRITICAL EPSS 0.01
ownCloud Server <5.0.15 - Info Disclosure
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
CWE-284 Mar 26, 2018
CVE-2014-1665 5.4 MEDIUM 1 PoC Analysis EPSS 0.00
ownCloud <6.0.1 - XSS
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CWE-79 Mar 20, 2018
CVE-2017-9340 6.5 MEDIUM EPSS 0.00
ownCloud Server <10.0.2 - Privilege Escalation
An attacker logged in as a normal user can somehow make an admin delete shared folders in ownCloud Server before 10.0.2.
Jul 17, 2017
CVE-2017-9339 5.3 MEDIUM EPSS 0.00
ownCloud Server <10.0.2 - Info Disclosure
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars, potentially granting an attacker access to publicly shared calendars without knowing the share token.
Jul 17, 2017