API Resources
GET/v3/index/{index}/cursor
/v3/index/{index}/cursor
Retrieve an unlimited paginated list of all documents from the index of your choice. By default, a maximum of 100 documents are shown per page.
Path Parameters
indexrequired
string
Name of an Exploit, Vulnerability, or IP Intelligence index
Query Parameters for All Indexes
cursor
string
Specify the cursor value to page with.
Example Requests
Exploits
curl --request GET \
--url https://api.vulncheck.com/v3/index/exploits/cursor \
--header "Accept: application/json" \
--header 'Authorization: Bearer insert_token_here'
Response
{
"_benchmark": 0.092906,
"_meta": {
"timestamp": "2024-02-23T18:08:24.8902244Z",
"index": "exploits",
"limit": 100,
"total_documents": 79387,
"sort": "_timestamp",
"parameters": [
{
"name": "cve",
"format": "CVE-YYYY-N{4-7}"
},
{
"name": "alias"
},
{
"name": "iava",
"format": "[0-9]{4}[A-Z-0-9]+"
},
{
"name": "threat_actor"
},
{
"name": "mitre_id"
},
{
"name": "misp_id"
},
{
"name": "ransomware"
},
{
"name": "botnet"
},
{
"name": "published"
},
{
"name": "lastModStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "lastModEndDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubEndDate",
"format": "YYYY-MM-DD"
}
],
"order": "desc",
"next_cursor": "MjAyNC0wMi0yM1QxNToxNTo1N1o="
},
"data": [
{
"id": "CVE-2024-1709",
"public_exploit_found": true,
"commercial_exploit_found": false,
"weaponized_exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited": true,
"reported_exploited_by_threat_actors": true,
"reported_exploited_by_ransomware": true,
"reported_exploited_by_botnets": false,
"inKEV": true,
"inVCKEV": true,
"timeline": {
"nvd_published": "2024-02-21T16:15:00Z",
"nvd_last_modified": "2024-02-23T02:00:00Z",
"first_exploit_published": "2024-02-20T00:00:00Z",
"most_recent_exploit_published": "2024-02-22T00:00:00Z",
"first_reported_threat_actor": "2024-02-20T00:00:00Z",
"most_recent_reported_threat_actor": "2024-02-21T00:00:00Z",
"first_reported_ransomware": "2024-02-22T00:00:00Z",
"most_recent_reported_ransomware": "2024-02-22T00:00:00Z",
"cisa_kev_date_added": "2024-02-22T00:00:00Z",
"cisa_kev_date_due": "2024-02-29T00:00:00Z",
"vulncheck_kev_date_added": "2024-02-20T00:00:00Z",
"vulncheck_kev_date_due": "2024-02-29T00:00:00Z"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.93461,
"epss_percentile": 0.99017,
"last_modified": "2024-02-23T10:38:36.110896Z"
},
"counts": {
"exploits": 7,
"threat_actors": 1,
"botnets": 0,
"ransomware_families": 1
},
"exploits": [
{
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2",
"name": "Detection Guidance for ConnectWise CVE-2024-1709",
"refsource": "blogs",
"date_added": "2024-02-20T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "privately-available"
},
{
"url": "https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass",
"name": "A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)",
"refsource": "blogs",
"date_added": "2024-02-21T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/",
"name": "ConnectWise ScreenConnect: Authentication Bypass Deep Dive",
"refsource": "blogs",
"date_added": "2024-02-21T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://www.logpoint.com/en/blog/emerging-threats/screenconnect-authentication-bypass/",
"name": "Unveiling the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)",
"refsource": "blogs",
"date_added": "2024-02-22T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
},
{
"url": "https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE",
"name": "W01fh4cker/ScreenConnect-AuthBypass-RCE exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-21T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/W01fh4cker/ScreenConnect-AuthBypass-RCE/main/ScreenConnect-AuthBypass-RCE.py",
"clone_ssh_url": "git@github.com:W01fh4cker/ScreenConnect-AuthBypass-RCE.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE.git"
},
{
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc",
"name": "watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc exploit repository",
"refsource": "github-exploits",
"date_added": "2024-02-21T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available",
"exploit_type": "initial-access",
"reference_url": "https://raw.githubusercontent.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc/main/watchtowr-vs-ConnectWise_2024-02-21.py",
"clone_ssh_url": "git@github.com:watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc.git",
"clone_ssh_url_cached": "git@git.vulncheck.com:github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc.git"
},
{
"url": "https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/main/http/cves/2024/CVE-2024-1709.yaml",
"name": "ConnectWise ScreenConnect 23.9.7 - Authentication Bypass",
"refsource": "nuclei-templates",
"date_added": "2024-02-21T00:00:00Z",
"exploit_maturity": "poc",
"exploit_availability": "publicly-available"
}
],
"reported_exploitation": [
{
"url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
"name": "ConnectWise ScreenConnect Authentication Bypass Vulnerability",
"refsource": "cisa-kev",
"date_added": "2024-02-22T00:00:00Z"
},
{
"url": "https://dashboard.shadowserver.org/statistics/honeypot/map/?day=2024-02-21&host_type=src&vulnerability=cve-2024-1709",
"name": "ScreenConnect (CVE-2024-1709)",
"refsource": "shadowserver-exploited",
"date_added": "2024-02-21T00:00:00Z"
},
{
"url": "https://dashboard.shadowserver.org/statistics/honeypot/map/?day=2024-02-22&host_type=src&vulnerability=cve-2024-1709",
"name": "ScreenConnect (CVE-2024-1709)",
"refsource": "shadowserver-exploited",
"date_added": "2024-02-22T00:00:00Z"
},
{
"url": "https://infosec.exchange/@SophosXOps/111975043941611370",
"name": "LockBit",
"refsource": "vulncheck-ransomware",
"date_added": "2024-02-22T00:00:00Z"
},
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-20T00:00:00Z"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/",
"name": "Unattributed",
"refsource": "vulncheck-threat-actors",
"date_added": "2024-02-21T00:00:00Z"
}
],
"date_added": "2024-02-20T00:00:00Z",
"_timestamp": "2024-02-23T18:00:12.192906Z"
}
]
}
Using the Cursor Parameter
Exploits
curl --request GET \
--url "https://api.vulncheck.com/v3/index/exploits/cursor?cursor=MjAyNC0wMi0yM1QxNToxNTo1N1o=" \
--header "Accept: application/json" \
--header "Authorization: Bearer insert_token_here"
Response
{
"_benchmark": 0.070311,
"_meta": {
"timestamp": "2024-02-23T18:16:37.281993511Z",
"index": "exploits",
"limit": 100,
"total_documents": 79387,
"sort": "_timestamp",
"parameters": [
{
"name": "cve",
"format": "CVE-YYYY-N{4-7}"
},
{
"name": "alias"
},
{
"name": "iava",
"format": "[0-9]{4}[A-Z-0-9]+"
},
{
"name": "threat_actor"
},
{
"name": "mitre_id"
},
{
"name": "misp_id"
},
{
"name": "ransomware"
},
{
"name": "botnet"
},
{
"name": "published"
},
{
"name": "lastModStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "lastModEndDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubStartDate",
"format": "YYYY-MM-DD"
},
{
"name": "pubEndDate",
"format": "YYYY-MM-DD"
}
],
"order": "desc",
"cursor": "MjAyNC0wMi0yM1QxNToxNTo1N1o=",
"next_cursor": "MjAyNC0wMi0yM1QxMjoyOTo1OVo="
},
"data": [
{
"id": "CVE-2010-0031",
"public_exploit_found": false,
"commercial_exploit_found": true,
"weaponized_exploit_found": true,
"max_exploit_maturity": "weaponized",
"reported_exploited": false,
"reported_exploited_by_threat_actors": false,
"reported_exploited_by_ransomware": false,
"reported_exploited_by_botnets": false,
"inKEV": false,
"inVCKEV": false,
"timeline": {
"nvd_published": "2010-02-10T18:30:00Z",
"nvd_last_modified": "2018-10-12T21:56:00Z",
"first_exploit_published": "2010-02-12T00:00:00Z",
"first_exploit_published_weaponized_or_higher": "2010-02-12T00:00:00Z",
"most_recent_exploit_published": "2010-03-04T00:00:00Z"
},
"trending": {
"github": false
},
"epss": {
"epss_score": 0.88608,
"epss_percentile": 0.98592,
"last_modified": "2024-02-22T09:44:17.604920Z"
},
"counts": {
"exploits": 2,
"threat_actors": 0,
"botnets": 0,
"ransomware_families": 0
},
"exploits": [
{
"url": "https://www.coresecurity.com/core-labs/exploits",
"name": "Microsoft PowerPoint OEPlaceholderAtom Record Invalid Index Exploit (MS10-004) Update",
"refsource": "coreimpact",
"date_added": "2010-03-04T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
},
{
"url": "https://my.saintcorporation.com/cgi-bin/exploit_info/powerpoint_oeplaceholderatom_placementid",
"name": "Microsoft PowerPoint OEPlaceholderAtom placementId memory corruption",
"refsource": "saint",
"date_added": "2010-02-12T00:00:00Z",
"exploit_maturity": "weaponized",
"exploit_availability": "commercially-available"
}
],
"date_added": "2010-02-12T00:00:00Z",
"_timestamp": "2024-02-23T15:15:26.77336Z"
}
]
}
