Home
Vulnerability & Exploit Database

Vulnerability & Exploit Database

Vulnerability Scanner

2024 Attack Intel Report

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. These vulnerabilities are utilized by our vulnerability management tool InsightVM. The exploits are all included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 01 - 20 of 5,846 in total

Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).

Disclosed: December 27, 2024

Craft CMS Twig Template Injection RCE via FTP Templates Path

Disclosed: December 19, 2024

Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution

Disclosed: December 09, 2024

Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password

Disclosed: November 21, 2024

Ubuntu needrestart Privilege Escalation

Disclosed: November 19, 2024

Palo Alto Networks PAN-OS Management Interface Unauthenticated Remote Code Execution

Disclosed: November 18, 2024

WordPress WP Time Capsule Arbitrary File Upload to RCE

Disclosed: November 15, 2024

LibreNMS Authenticated RCE (CVE-2024-51092)

Disclosed: November 15, 2024

WordPress Really Simple SSL Plugin Authentication Bypass to RCE

Disclosed: November 14, 2024

Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

Disclosed: October 28, 2024

CyberPanel Multi CVE Pre-auth RCE

Disclosed: October 27, 2024

Fortinet FortiManager Unauthenticated RCE

Disclosed: October 23, 2024

OneDev Unauthenticated Arbitrary File Read

Disclosed: October 19, 2024

Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)

Disclosed: October 09, 2024

Ivanti Connect Secure Authenticated Remote Code Execution via OpenSSL CRLF Injection

Disclosed: October 08, 2024

CUPS IPP Attributes LAN Remote Code Execution

Disclosed: September 26, 2024

WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)

Disclosed: September 25, 2024

WordPress LearnPress Unauthenticated SQLi (CVE-2024-8522, CVE-2024-8529)

Disclosed: September 11, 2024

VICIdial Authenticated Remote Code Execution

Disclosed: September 10, 2024

Vicidial SQL Injection Time-based Admin Credentials Enumeration

Disclosed: September 10, 2024

1
2
3
...