Home
Vulnerability & Exploit Database

Vulnerability & Exploit Database

Vulnerability Scanner

2024 Attack Intel Report

A curated repository of vetted computer software exploits and exploitable vulnerabilities.

Technical details for over 180,000 vulnerabilities and 4,000 exploits are available for security professionals and researchers to review. These vulnerabilities are utilized by our vulnerability management tool InsightVM. The exploits are all included in the Metasploit framework and utilized by our penetration testing tool, Metasploit Pro. Our vulnerability and exploit database is updated frequently and contains the most recent security research.

十大赌博正规信誉网址 41 - 60 of 224,943 in total

SUSE: CVE-2024-0149: SUSE Linux Security Advisory

Published: January 21, 2025 | Severity: 4

Resolved Cross-Site Scripting (XSS) vulnerability due to inadequate validation of metadata's Content-Type when importing files into the briefcase, preventing arbitrary JavaScript execution.

Published: January 20, 2025 | Severity: 8

A Cross-Site Scripting (XSS) vulnerability via crafted HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed.

Published: January 20, 2025 | Severity: 8

The ClamAV package has been upgraded to version 0.105.2 to fix multiple vulnerabilities.

Published: January 20, 2025 | Severity: 10

The OpenSSL package has been upgraded to version 8.7b4 to fix multiple vulnerabilities.

Published: January 20, 2025 | Severity: 7

Upgraded Electron framework used in Modern Zimbra Desktop to version 28.0.0, This update mitigates potential security risks associated with the outdated Electron version 11.5.0.

Published: January 20, 2025 | Severity: 10

A security related issue has been fixed which impacted one of the third party libraries being used in Admin User Inferface.

Published: January 20, 2025 | Severity: 5

Upgraded PHP to 8.3.0 to fix allocated memory vulnerability

Published: January 20, 2025 | Severity: 7

Debian: CVE-2023-52923: linux -- security update

Published: January 20, 2025 | Severity: 4

Addressed a Cross-Site Request Forgery (CSRF) vulnerability by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbra_gql_enable_dangerous_ deprecated_get_method_will_be_removed, has been introduced to control these methods. The default value is FALSE (getting displayed as null), and customers are recommended not to set it to TRUE.

Published: January 20, 2025 | Severity: 8

The Apache CXF package has been upgraded to version 3.5.5 to fix SSRF vulnerability

Published: January 20, 2025 | Severity: 10

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters.

Published: January 20, 2025 | Severity: 7

OpenSSL package has been upgraded to fix a security issue related to the verification of X.509 certificate chains that include policy constraints

Published: January 20, 2025 | Severity: 8

The OpenJDK package has been upgraded to version 17.0.12 to fix multiple vulnerabilities

Published: January 20, 2025 | Severity: 5

A Cross-Site Scripting (XSS) vulnerability in TinyMCE was addressed in the upgrade from version 7.1.1 to 7.2.0

Published: January 20, 2025 | Severity: 6

The Apache package has been upgraded to version 2.4.57 to fix multiple vulnerabilities

Published: January 20, 2025 | Severity: 10

The ClamAV package has been upgraded to version 1.0.6 to fix multiple vulnerabilities

Published: January 20, 2025 | Severity: 4

The Apache package has been upgraded to version 2.4.62 to fix multiple vulnerabilities

Published: January 20, 2025 | Severity: 7

Microsoft Edge Chromium: CVE-2025-21185

Published: January 17, 2025 | Severity: 4

OS X update for WebKit (CVE-2024-27856)

Published: January 16, 2025 | Severity: 4

1
2
3
4
5
...