• Home
  • Vulnerability & Exploit Database

Vulnerability & Exploit Database

Try Surface Command Get a continuous 360° view of your attack surface

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. The exploits are all included in the Metasploit framework. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

Results 01 - 20 of 6,066 in total
Invision Community 5.0.6 customCss RCE
Disclosed: May 16, 2025
module
Explore
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Disclosed: May 13, 2025
module
Explore
WordPress Depicter Plugin SQL Injection (CVE-2025-2011)
Disclosed: May 08, 2025
module
Explore
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
Disclosed: April 30, 2025
module
Explore
Erlang OTP Pre-Auth RCE Scanner and Exploit
Disclosed: April 16, 2025
module
Explore
Craft CMS Image Transform Preauth RCE (CVE-2025-32432)
Disclosed: April 14, 2025
module
Explore
Langflow AI RCE
Disclosed: April 09, 2025
module
Explore
BentoML's runner server RCE
Disclosed: April 09, 2025
module
Explore
BentoML RCE
Disclosed: April 04, 2025
module
Explore
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
Disclosed: April 03, 2025
module
Explore
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
Disclosed: April 03, 2025
module
Explore
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
Disclosed: April 03, 2025
module
Explore
Appsmith RCE
Disclosed: March 25, 2025
module
Explore
WP User Registration and Membership Unauthenticated Privilege Escalation (CVE-2025-2563)
Disclosed: March 24, 2025
module
Explore
Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin
Disclosed: March 17, 2025
module
Explore
Sante PACS Server Path Traversal (CVE-2025-2264)
Disclosed: March 13, 2025
module
Explore
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
Disclosed: March 13, 2025
module
Explore
GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
Disclosed: March 12, 2025
module
Explore
Tomcat Partial PUT Java Deserialization
Disclosed: March 10, 2025
module
Explore
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Disclosed: February 13, 2025
module
Explore