Jump to Recent Initial Access Activity
6 new indices
Japan Vulnerability Notes
JVN stands for "the Japan Vulnerability Notes." It is a vulnerability information portal site designed to help ensure Internet security by providing vulnerability information and their solutions for software products used in Japan. JVN is operated jointly by the JPCERT Coordination Center and the Information-technology Promotion Agency (IPA).
VulnCheck CPE Dictionary
A dictionary of CPEs used in the construction of VCConfigurations.
Browse the vc-cpe-dictionary index
Shielder Advisories
Shielder Advisories are official notifications released by Shielder to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Qubes Security Bulletin
Qubes Security Bulletins are official notifications released by QubesOS to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Security Lab Advisories
Security Lab Advisories are official notifications released by Positive Research's Security Lab to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Tenable Research Advisories
Tenable Research Advisories are official notifications released by Tenable to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Browse the tenable-research-advisories index
Recent Initial Access activity
SPIP porte_plume plugin unauthenticated RCE was added on Aug, 18 and is found in 1 product.
View more detail on CVE-2024-7954
Ivanti vTM Authentication Bypass was added on Aug, 15 and is found in 1 product.
View more detail on CVE-2024-7593
AJ-Report unauthenticated path-traversal Java evaluation RCE was added on Jul, 30 and is found in 1 product.
View more detail on CVE-2024-7314
Zyxel nebula_ap_redirect Crash was added on Sep, 10 and is found in 29 products.
View more detail on CVE-2024-7261
Calibre Content Server RCE was added on Aug, 8 and is found in 1 product.
View more detail on CVE-2024-6782
Zyxel NAS Auth Bypass and Configuration Leak was added on Sep, 11 and is found in 2 products.
View more detail on CVE-2024-6342
GiveWP Remote Code Execution was added on Sep, 5 and is found in 1 product.
View more detail on CVE-2024-5932
Fortra FileCatalyst Workflow SQL Injection was added on Aug, 21 and is found in 1 product.
View more detail on CVE-2024-5276
Delta Electronics DIAEnergie RecalculateHDMWYC Script Injection was added on Aug, 5 and is found in 1 product.
View more detail on CVE-2024-4548
Delta Electronics DIAEnergie RecalculateScript Script Injection was added on Aug, 5 and is found in 1 product.
View more detail on CVE-2024-4547
Apache OFBiz CSV Data File Webshell was added on Sep, 9 and is found in 1 product.
View more detail on CVE-2024-45195
Fonoster VoiceServer VoiceApp Path Traversal Info Leak was added on Aug, 25 and is found in 1 product.
View more detail on CVE-2024-43035
Bazarr Path Traversal was added on Jul, 31 and is found in 1 product.
View more detail on CVE-2024-40348
Apache OFBiz improper authorization checks allow for RCE was added on Aug, 4 and is found in 1 product.
View more detail on CVE-2024-38856
Windows Server MadLicense Unauth RCE was added on Aug, 8 and is found in 5 products.
View more detail on CVE-2024-38077
IPv6 Network Stack Overflow DoS was added on Aug, 29 and is found in 1 product.
View more detail on CVE-2024-38063
Magento XXE Information Disclosure was added on Jul, 20 and is found in 2 products.
View more detail on CVE-2024-34102
H3C ERHMG2 Configuration/Password Leak was added on Jul, 21 and is found in 11 products.
View more detail on CVE-2024-32238
Traccar Unrestricted File Upload was added on Sep, 4 and is found in 1 product.
View more detail on CVE-2024-31214
Ghostscript Filesystem Format String RCE was added on Jul, 29 and is found in 1 product.
View more detail on CVE-2024-29510
SolarWinds Web Help Desk Hard-coded Credentials was added on Aug, 25 and is found in 1 product.
View more detail on CVE-2024-28987
Authentication bypass allows for administrative access to upload ASP documents, leading to remote code execution. was added on Aug, 12 and is found in 1 product.
View more detail on CVE-2024-26331
Traccar Image Upload Path Traversal RCE was added on Sep, 4 and is found in 1 product.
View more detail on CVE-2024-24809
Spring Cloud Dataflow Arbitrary File Write was added on Aug, 25 and is found in 1 product.
View more detail on CVE-2024-22263
Cisco Smart Software Manager On-Prem Password Reset was added on Aug, 14 and is found in 1 product.
View more detail on CVE-2024-20419
Anyscale Ray CPU Profile Command Injection was added on Aug, 25 and is found in 1 product.
View more detail on CVE-2023-6019
GNU GLIBC "Looney Tunables" Local Privilege Escalation was added on Aug, 29 and is found in 1 product.
View more detail on CVE-2023-4911
Anyscale Ray Job Execution (Unpatched) was added on Aug, 25 and is found in 1 product.
View more detail on CVE-2023-48022
Zyxel Auth Bypass and pkg_init_cmd Command Injection was added on Jul, 18 and is found in 2 products.
View more detail on CVE-2023-4473
Elementor Essential Addons WordPress Plugin Authentication Bypass Remote Code Execution was added on Jul, 24 and is found in 1 product.
View more detail on CVE-2023-32243
WooCommerce Payments Authentication Bypass was added on Aug, 28 and is found in 1 product.
View more detail on CVE-2023-28121
Exim SPA Auth Bypass was added on Aug, 21 and is found in 1 product.
- 18 new initial-access advisories
- 7 new indices
- 32 new initial-access advisories
- 6 new indices
- 29 new Initial Access advisories
- 16 New indices
- 4 New Features
- 13 new Initial Access advisories
- 15 New indices
- 13 New indices
- 11 new Initial Access entries
- New Initial Access features
- 3 New indices including Microsoft KB list by CVE
- 5 new Initial Access entries
- Upgraded dashboard, and the VulnCheck KEV Browser
- 6 New indices including OpenCloud Vulnerability & Security Issue Database
- 5 New Initial Access artifacts
- New Features
- 3 New Advisories
- 10 New Indices
- CVE Browser
- 4 new Initial Access advisories
- New query parameters for the ipintel-* IP Intelligence indexes and more
- 33 new indices including Microsoft Security Updates
- Introducing VulnCheck IP Intelligence
- 5 new Initial Access advisories
- 17 new indices
- Recent IA activity including Apache Druid Log4Shell and ownCloud graphapi
- 17 new Indices including LG security, and several Apache projects
- 20 new Indices including mitre-attack-cve, botnets, and ransomware
- 5 new Indices including osv and cbl-mariner
- New Changelog Initial Access Details
- 20 new indices including nokia, blackberry, and iava
- Search for aliases in all indices
- 30 new indices including checkpoint, jetbrains, and bitdefender
- New indices: epss, vulnerability-aliases, and threat-actors
- More Indices: kubernetes, rustsec-advisories, hashicorp, wolfssl, zoom, and salesforce
- New Documentation Portal
- 64 New Indices
- New Index: vulncheck-nvd2 - NIST NVD V2.0 data supplemented with VulnCheck Data
- New Indices: twcert, vde, watchguard, vyaire, and ubiquiti
- New Indices: usom, zimba, zyxel, yokogawa, nodejs, and hkcert
- We have a booth at BlackHat. Come say hi!
- New Indices: schneider-electric, dell, arch, debian, rocky, and wolfi
- Fixes to the github-exploits backup
- New Indexes: vulncheck-nvd, eol and many more
- New Indexes: nist-nvd and many more
- Multi-region support for backups
- Portal Feature: Employee Invitations
- New package managers for PURL queries
- 13 New Indexes
- OPAM, Wolfi and Swift support for PURL queries
- New V3 Exploits Index
- About 25+ more Indices
- We are now a CVE Numbering Authority
- Postman collection support
- New package managers added to our PURL support
- Providing Fixed Version in OS package manager support
- New package types support for PURL: Maven, PHP, Ruby, and Rust
- 5 New Indices: ABB, AlmaLinux, Alpine Linux, AWS and Apple
- New Endpoint: Request vulns related to a PURL
- Snort Rule added to initial-access index
- New Endpoint: Request vulns related to a CPE
- New Index: Debian Security Tracker
- Welcome to the VulnCheck Changelog
- New Indices: CNVD Flaws and CNVD Bulletins
