Exploit Intelligence Platform
Updated 4h agoSearch and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.
366 results
Clear all
CVE-2014-7205
4 PoCs
Analysis
EPSS 0.84
hapi Server Framework - Code Injection
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
CWE-94
Oct 08, 2014
CVE-2014-7192
1 PoC
Analysis
EPSS 0.44
syntax-error <1.1.1 - Code Injection
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
CWE-94
Dec 11, 2014
CVE-2013-4660
2 PoCs
Analysis
EPSS 0.65
JS-YAML <2.0.5 - RCE
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
CWE-20
Jun 28, 2013
CVE-2012-6708
6.1
MEDIUM
1 PoC
Analysis
EPSS 0.01
Jquery < 1.9.0 - XSS
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
CWE-79
Jan 18, 2018
CVE-2011-1714
1 PoC
Analysis
EPSS 0.09
QooxDoo 1.3 - XSS
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CWE-79
Apr 18, 2011
CVE-2010-2273
1 PoC
Analysis
EPSS 0.43
Dojo < 1.13.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.
CWE-79
Jun 15, 2010