Home
Vulnerability & Exploit Database

Vulnerability & Exploit Database

Vulnerability Scanner

2024 Attack Intel Report

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. These vulnerabilities are utilized by our vulnerability management tool InsightVM. The exploits are all included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 01 - 20 of 5,799 in total

WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)

Disclosed: September 25, 2024

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

Disclosed: September 11, 2024

VICIdial Authenticated Remote Code Execution

Disclosed: September 10, 2024

Vicidial SQL Injection Time-based Admin Credentials Enumeration

Disclosed: September 10, 2024

SPIP BigUp Plugin Unauthenticated RCE

Disclosed: September 06, 2024

Wordpress LiteSpeed Cache plugin cookie theft

Disclosed: September 04, 2024

WhatsUp Gold SQL Injection (CVE-2024-6670)

Disclosed: August 29, 2024

GiveWP Unauthenticated Donation Process Exploit

Disclosed: August 25, 2024

Traccar v5 Remote Code Execution (CVE-2024-31214 and CVE-2024-24809)

Disclosed: August 23, 2024

SolarWinds Web Help Desk Backdoor (CVE-2024-28987)

Disclosed: August 22, 2024

SPIP Unauthenticated RCE via porte_plume Plugin

Disclosed: August 16, 2024

BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)

Disclosed: August 15, 2024

Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)

Disclosed: August 05, 2024

Calibre Python Code Injection (CVE-2024-6782)

Disclosed: July 31, 2024

CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)

Disclosed: July 26, 2024

Acronis Cyber Infrastructure default password remote code execution

Disclosed: July 24, 2024

Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)

Disclosed: July 20, 2024

Geoserver unauthenticated Remote Code Execution

Disclosed: July 01, 2024

Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)

Disclosed: June 25, 2024

Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read

Disclosed: June 25, 2024

1
2
3
...