• Home
  • Vulnerability & Exploit Database

Vulnerability & Exploit Database

Try Surface Command Get a continuous 360° view of your attack surface

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. The exploits are all included in the Metasploit framework. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 41 - 60 of 6,012 in total
SPIP Unauthenticated RCE via porte_plume Plugin
Disclosed: August 16, 2024
module
Explore
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
Disclosed: August 15, 2024
module
Explore
Asterisk AMI Originate Authenticated RCE
Disclosed: August 08, 2024
module
Explore
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Disclosed: August 05, 2024
module
Explore
Calibre Python Code Injection (CVE-2024-6782)
Disclosed: July 31, 2024
module
Explore
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
Disclosed: July 26, 2024
module
Explore
Acronis Cyber Infrastructure default password remote code execution
Disclosed: July 24, 2024
module
Explore
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
Disclosed: July 20, 2024
module
Explore
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
Disclosed: July 19, 2024
module
Explore
Geoserver unauthenticated Remote Code Execution
Disclosed: July 01, 2024
module
Explore
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Disclosed: June 25, 2024
module
Explore
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
Disclosed: June 25, 2024
module
Explore
vCenter Sudo Privilege Escalation
Disclosed: June 18, 2024
module
Explore
Magento XXE Unserialize Arbitrary File Read
Disclosed: June 11, 2024
module
Explore
Windows Access Mode Mismatch LPE in ks.sys
Disclosed: June 11, 2024
module
Explore
Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes
Disclosed: June 11, 2024
module
Explore
PHP CGI Argument Injection Remote Code Execution
Disclosed: June 06, 2024
module
Explore
Telerik Report Server Auth Bypass
Disclosed: June 04, 2024
module
Explore
Telerik Report Server Auth Bypass and Deserialization RCE
Disclosed: June 04, 2024
module
Explore
WSO2 API Manager Documentation File Upload Remote Code Execution
Disclosed: May 31, 2024
module
Explore