• Home
  • Vulnerability & Exploit Database

Vulnerability & Exploit Database

Try Surface Command Get a continuous 360° view of your attack surface

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. The exploits are all included in the Metasploit framework. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 01 - 20 of 6,005 in total
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Disclosed: February 13, 2025
module
Explore
InvokeAI RCE
Disclosed: February 07, 2025
module
Explore
D-Tale RCE
Disclosed: February 05, 2025
module
Explore
NetAlertX File Read Vulnerability
Disclosed: January 30, 2025
module
Explore
Unauthenticated RCE in NetAlertX
Disclosed: January 30, 2025
module
Explore
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
Disclosed: January 12, 2025
module
Explore
Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).
Disclosed: December 27, 2024
module
Explore
Windows Cloud File Mini Filer Driver Heap Overflow
Disclosed: December 19, 2024
module
Explore
Craft CMS Twig Template Injection RCE via FTP Templates Path
Disclosed: December 19, 2024
module
Explore
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Disclosed: December 16, 2024
module
Explore
Invoice Ninja unauthenticated PHP Deserialization Vulnerability
Disclosed: December 13, 2024
module
Explore
InvoiceShelf unauthenticated PHP Deserialization Vulnerability
Disclosed: December 13, 2024
module
Explore
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution
Disclosed: December 09, 2024
module
Explore
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
Disclosed: November 21, 2024
module
Explore
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Disclosed: November 21, 2024
module
Explore
Ubuntu needrestart Privilege Escalation
Disclosed: November 19, 2024
module
Explore
Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution
Disclosed: November 18, 2024
module
Explore
WordPress WP Time Capsule Arbitrary File Upload to RCE
Disclosed: November 15, 2024
module
Explore
LibreNMS Authenticated RCE (CVE-2024-51092)
Disclosed: November 15, 2024
module
Explore
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
Disclosed: November 14, 2024
module
Explore