• Home
  • Vulnerability & Exploit Database

Vulnerability & Exploit Database

Try Surface Command Get a continuous 360° view of your attack surface

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. The exploits are all included in the Metasploit framework. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 01 - 20 of 6,066 in total
Invision Community 5.0.6 customCss RCE
Disclosed: 5月 16, 2025
module
Explore
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Disclosed: 5月 13, 2025
module
Explore
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
Disclosed: 5月 08, 2025
module
Explore
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
Disclosed: 4月 30, 2025
module
Explore
Erlang OTP Pre-Auth RCE Scanner and Exploit
Disclosed: 4月 16, 2025
module
Explore
Craft CMS Image Transform Preauth RCE (CVE-2025-32432)
Disclosed: 4月 14, 2025
module
Explore
Langflow AI RCE
Disclosed: 4月 09, 2025
module
Explore
BentoML's runner server RCE
Disclosed: 4月 09, 2025
module
Explore
BentoML RCE
Disclosed: 4月 04, 2025
module
Explore
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
Disclosed: 4月 03, 2025
module
Explore
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
Disclosed: 4月 03, 2025
module
Explore
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
Disclosed: 4月 03, 2025
module
Explore
Appsmith RCE
Disclosed: 3月 25, 2025
module
Explore
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
Disclosed: 3月 24, 2025
module
Explore
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
Disclosed: 3月 17, 2025
module
Explore
Sante PACS Server Path Traversal (CVE-2025-2264)
Disclosed: 3月 13, 2025
module
Explore
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
Disclosed: 3月 13, 2025
module
Explore
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
Disclosed: 3月 12, 2025
module
Explore
Tomcat Partial PUT Java Deserialization
Disclosed: 3月 10, 2025
module
Explore
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Disclosed: 2月 13, 2025
module
Explore