5 new indices
NIST NVD 2.0 Source Data
This index contains information about CNAs, such as email addresses, official names, and the UUIDs used in NVD records. This allows us to look up the UUIDs in NVD records and retrieve CNA names.
Browse the nist-nvd2-sources index
Core Impact
Core Impact is a library of expert validated exploits for safe and effective pen tests.
Drupal Security Advisories
Drupal security advisories are official notifications released by the Drupal Security Team to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Astra Linux Security Bulletins
Astra security bulletins are official notifications released by Astra to address security vulnerabilities and updates for the Astra Linux distribution. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Suse Security Advisories
Suse security advisories are official notifications released by the Suse Security Team to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Browse the suse-security index
Initial Access release notes
CVE-2024-57727: SimpleHelp Path Traversal
The team developed an information leak exploit targeting SimpleHelp remote administrative server software. We added coverage for this vulnerability based on recent research by Horizon3.ai. The software is also common in tech support scams and has been used by APT groups. Additionally, the GreyNoise query we developed for this vulnerability flags two malicious IP addresses, so we anticipate this will be added to the KEV list in the future.
The team also developed Shodan, Censys, FOFA, ZoomEye, and Google queries, as well as pcap and Snort/Suricata signatures.
CVE-2025-0107: Palo Alto Networks Expedition Spark Callback RCE
The team created an exploit, pcap, network signatures, a YARA rule, and queries for CVE-2025-0107, a new remote code execution vulnerability in Palo Alto Networks' Expedition product. The vulnerability is publicly known as an OS command injection, but it is perhaps better described as a partial argument injection, which leads to Java deserialization, which in turn results in RCE. Deserialization is triggered by forcing the target to call back to an attacker-provided Apache Spark server (built into our exploit). Arbitrary OS commands can then be executed as the www-data user. We have not observed exploitation of this vulnerability in the wild yet.
Previous Palo Alto Networks Expedition vulnerabilities have appeared on the CISA KEV list, so we wouldn't be surprised to see this one make it too.
CVE-2024-55591: FortiOS Websocket Auth Bypass
The team developed Shodan, Censys, FOFA, and GreyNoise queries for finding potentially affected systems. We also created a scanner based on (but different from) the watchTowr methodology to find vulnerable versions. After a scan of the internet, we can find very few vulnerable systems.
The team developed pcaps and network signatures that specifically target two entities: the only known public exploit and the aforementioned watchTowr scanner. Additionally, one of our GreyNoise queries flags two IP addresses using the watchTowr vulnerability scanner.
CVE-2021-40438: Check Point Gaia Portal Configuration Leak
New research published this week demonstrated that Check Point gateways (and specifically the Gaia Portal, as far as we could tell) were vulnerable to configuration leak and modification due to an older Apache mod_proxy vulnerability. The team developed an exploit that pulls down the victim's configuration, but an attacker can also modify the configuration (change a password) and get access that way.
The team developed a version scanner using the last modified timestamp of the portal's favicon. We used it to scan the internet and found that hundreds of gateways are still vulnerable to this issue, and we expect attackers to pick up this attack and run with it. Note that CVE-2021-40438 is already listed on VulnCheck KEV, but it hadn't been associated with Check Point until this week (to our knowledge).
Beyond an exploit and version scanner, the team developed Shodan, Censys, FOFA, ZoomEye, GreyNoise, and Google queries, pcaps, and created Snort/Suricata rules.
Updating the Historical Backlog
The team has continued updating our catalog of completed exploits with features that were added more recently. Approximately 70% of deliverables now also have, when possible, FOFA, ZoomEye, Google, and Baidu queries as well as signature deployment metadata and the new targetEncryptedComms field in the README. We are still aiming to reach 100% of the repository by the end of January.
Recent Initial Access activity
ShowDoc ShowDoc Unauthenticated File Upload RCE was added on Jan, 15 and is found in 1 product.
View more detail on CVE-2025-0520
BigAnt Server Account Registration Bypass to File Upload RCE was added on Jan, 8 and is found in 1 product.
View more detail on CVE-2025-0364
Ivanti Connect Secure IF-T Buffer Overflow was added on Jan, 14 and is found in 3 products.
View more detail on CVE-2025-0282
Palo Alto Expedition Spark Callback RCE was added on Jan, 23 and is found in 1 product.
View more detail on CVE-2025-0107
Palo Alto Expedition Unauthenticated SQL Injection was added on Dec, 8 and is found in 1 product.
View more detail on CVE-2024-9465
Backup and Staging WordPress Plugin File Upload Type Bypass RCE was added on Dec, 30 and is found in 1 product.
View more detail on CVE-2024-8856
Progress Kemp LoadMaster read_pass() Command Injection was added on Dec, 5 and is found in 1 product.
View more detail on CVE-2024-7591
Aim _backup_run Data Exfiltration was added on Jan, 9 and is found in 1 product.
View more detail on CVE-2024-6396
SimpleHelp Directory Traversal Information Disclosure was added on Jan, 20 and is found in 1 product.
View more detail on CVE-2024-57727
Craft CMS register_argc_argv RCE was added on Dec, 26 and is found in 1 product.
View more detail on CVE-2024-56145
Fortinet Websocket Authentication Bypass was added on Jan, 21 and is found in 2 products.
View more detail on CVE-2024-55591
Apache Struts FileUploadInterceptor File Upload RCE was added on Dec, 16 and is found in 1 product.
View more detail on CVE-2024-53677
Cleo File Write RCE was added on Dec, 10 and is found in 3 products.
View more detail on CVE-2024-50623
Apache Tomcat Default Servlet JSP Race was added on Dec, 22 and is found in 1 product.
View more detail on CVE-2024-50379
Netis and OEM Routers Initial Setup Password Overwrite was added on Jan, 8 and is found in 13 products.
View more detail on CVE-2024-48457
Netis and OEM Routers Unauth Password Reset Command Injection was added on Jan, 8 and is found in 13 products.
View more detail on CVE-2024-48456
Netis and OEM Routers Admin Credential Leak was added on Jan, 8 and is found in 13 products.
View more detail on CVE-2024-48455
Cobbler XML-RPC Authentication Bypass was added on Dec, 11 and is found in 1 product.
View more detail on CVE-2024-47533
Mitel MiCollab File Disclosure was added on Dec, 4 and is found in 1 product.
View more detail on CVE-2024-41713
Reposilite Unauthenticated Directory Traversal File Read was added on Jan, 26 and is found in 1 product.
View more detail on CVE-2024-36117
Ghostscript Filesystem Format String RCE was added on Jul, 29 and is found in 1 product.
View more detail on CVE-2024-29510
Four-Faith Adjust Time Command Injection was added on Dec, 19 and is found in 2 products.
View more detail on CVE-2024-12856
NETGEAR DGN setup.cgi OS Command Execution was added on Jan, 2 and is found in 2 products.
View more detail on CVE-2024-12847
ProjectSend Incorrect Authorization Webshell Upload was added on Nov, 24 and is found in 1 product.
View more detail on CVE-2024-11680
Really Simple Security WordPress Plugin Authentication Bypass RCE was added on Dec, 1 and is found in 1 product.
View more detail on CVE-2024-10924
Avaya Phonebook Webshell Upload was added on Dec, 17 and is found in 1 product.
View more detail on CVE-2023-3722
Ghostscript PostScript sbcp.c Buffer Overflow was added on Dec, 11 and is found in 1 product.
View more detail on CVE-2023-28879
VoIPMonitor GUI SQL Injection Admin Add was added on Jan, 16 and is found in 1 product.
View more detail on CVE-2022-24260
Draytek Login Format String Vulnerability was added on Dec, 11 and is found in 3 products.
View more detail on CVE-2021-42911
GoAhead Environment Injection RCE was added on Dec, 17 and is found in 1 product.
View more detail on CVE-2021-42342
Check Point Gaia Portal mod_proxy Configuration Leak was added on Jan, 20 and is found in 1 product.
View more detail on CVE-2021-40438
Derby SQL based RCE was added on Nov, 26 and is found in 1 product.
View more detail on CVE-2021-29442
mySCADA myPRO HMI Configuration Leak was added on Jan, 15 and is found in 1 product.
View more detail on CVE-2021-27505
Artica Proxy Authentication Bypass and RCE was added on Jan, 16 and is found in 1 product.
View more detail on CVE-2020-17506
TBK and other OEM DVR Credential Leak was added on Dec, 18 and is found in 2 products.
View more detail on CVE-2018-9995
Netatalk Commands Pointer Buffer Overflow RCE was added on Dec, 25 and is found in 1 product.