The Quarterly Threat Landscape Report is out. See what attackers are targeting now.Read report
Rapid7

Vulnerability & Exploit Database

Rapid7’s curated database of vulnerabilities, featuring exploit modules and check methods integrated into the Metasploit Framework.

Module TitleCheck MethodPlatformTypeDisclosure Date
HP Poly Voice Unauthenticated Remote Code Execution
Unix
exploitJun 1, 2026
Linux Kernel __ptrace_may_access() Exit Race chage File Disclosure
Linux
postMay 14, 2026
xfrm-ESP Page-Cache Write via CVE-2026-43284
LinuxUnix
exploitMay 8, 2026
rxkad Page-Cache Write via CVE-2026-43500
LinuxUnix
exploitMay 8, 2026
Cisco Catalyst SD-WAN Controller vHub Authentication Bypass
auxiliaryMay 7, 2026
Dalfox Found-Action Deserialization RCE
LinuxUnix
exploitMay 7, 2026
Copy Fail AF_ALG + authencesn Page-Cache Write
LinuxUnix
exploitApr 29, 2026
Apache ActiveMQ RCE via Jolokia addNetworkConnector
LinuxUnixWindows
exploitApr 29, 2026
cPanel/WHM CRLF Injection Authentication Bypass RCE
Unix
exploitApr 28, 2026
Flowise CSV Agent Prompt Injection RCE
LinuxUnixWindows
exploitApr 22, 2026
Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload
LinuxPHP
exploitApr 22, 2026
BerriAI LiteLLM Proxy Pre-Auth SQL Injection Scanner
auxiliaryApr 20, 2026
Paperclip AI RCE using a chain of six API calls (CVE-2026-41679).
LinuxOSXUnix
exploitApr 10, 2026
Supsystic Contact Form Wordpress Plugin SSTI RCE
LinuxUnixWindows
exploitMar 30, 2026
Citrix ADC (NetScaler) CVE-2026-3055 Scanner
auxiliaryMar 23, 2026
Gogs Git Rebase Argument Injection RCE
LinuxUnixWindows
exploitMar 17, 2026
AVideo Unauthenticated SQL Injection Credential Dump
auxiliaryMar 5, 2026
AVideo Encoder getImage.php Unauthenticated Command Injection
LinuxUnix
exploitMar 5, 2026
FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass
LinuxPHPUnixWindows
exploitMar 1, 2026
openDCIM install.php SQL Injection to RCE
LinuxUnix
exploitFeb 28, 2026
Generic HTTP Command Execution
LinuxOSXUnixWindows
exploitFeb 26, 2026
Cisco Catalyst SD-WAN Controller Authentication Bypass
auxiliaryFeb 25, 2026
Langflow RCE
LinuxPythonUnix
exploitFeb 25, 2026
GrandStream GXP1600 Unauthenticated Remote Code Execution
LinuxUnix
exploitFeb 18, 2026
MajorDoMo Remote Command Injection via cycle_execs Race Condition
LinuxUnixWindows
exploitFeb 18, 2026
1-25 of 7111