In this concise blog post, we’re delving into a crucial aspect of cybersecurity: databases housing software vulnerabilities. These databases, exemplified by platforms like vulners.com, exploit-db.com, and CVE Details, serve as comprehensive repositories cataloging an array of software weaknesses. Their purpose is monumental, providing a treasure trove of information for cybersecurity professionals, researchers, and organizations. By aggregating data on vulnerabilities, exploits, and remediation strategies, these databases empower proactive identification and mitigation of potential threats, bolstering system defenses and fortifying cybersecurity measures.

Note that these DBs are not equal, for example search for CVE-2019-10232 does not produce anything on PacketStormSecurity and on other platforms it returns a link to a patch which fixes the vulnerability. So no ready exploit is provided. Also, search in github produces zero exploits.

Vulnerability search

Most of the DBs do not bring anything new. Why do they exist in such numbers? No answer…

CVE Details

CVEDetails

Contains references to exploits if they exist, for example: https://www.cvedetails.com/google-search-results.php?q=RCE#gsc.tab=0&gsc.q=RCE&gsc.sort=

Exploit-DB

ExploitDB
CVE-2019-10232: link to the patch

Constains exploit codes which can be downloaded from the site itself.

Rapid7

Rapid7

Rapid7 is a developer of Metasploit Framework.

Packet Storm Security

PacketStormSecurity
CVE-2019-10232: no result

The exploits are directly hosted by the site.

Sploitus

Sploitus

The exploits are directly hosted by the site.

Vulners

Vulners

Pretty hard-to-understand platform.

Circle CVE search

Circle CVE Search, CVE Search ORG (API)

VulDB

VulDB

VulMon

VulMon
CVE-2019-10232: 4 repos with working exploits

ExploitAlert

ExploitAlert
CVE-2019-10232: 0 result

Synaps Int

SynapsInt
CVE-2019-10232: Ref to patch

GitHub Advisories

GitHub advisroies
CVE-2019-10232: Ref to patch

SeeBug

SeeBug
CVE-2019-10232: No results

CloudVulnDB

CloudVulnDB
CVE-2019-10232: No results

National Vulnerability Database (NVD)

NVD
CVE-2021-22205: Links to exploits

Snyk Security

NVD
CVE-2021-22205: Links to exploits

OSVDEV

NVD
CVE-2021-22205: Links to exploits

SecList Org

SecList
From nmap developers

AquaSec

SecList
CVE-2021-22205: Links to exploits

CVE MITRE

cvemitre
CVE-2021-22205: Links to exploits

CVE ORG

cvemitre
CVE-2021-22205: Links to exploits

OpenCVE IO

cvemitre
CVE-2021-22205: Links to exploits

Blogs

• https://developer.cyberark.com/blog/
• https://www.zeroscience.mk/en/vulnerabilities/

Buy / Sell exploits

• https://zerodium.com/
• https://opzero.ru/submit
• https://exploithub.com/
• https://exodusintel.com/whyexodus.html
• https://www.zerodayinitiative.com/advisories/published/

Scums

• https://www.vulnerability-lab.com/
• https://shoppy.gg/product/XaMNpOn
• https://0day.today/

See also

• Practical single domain vulnerability scanning using nuclei, naabu and subfinder
• Non-arabic african population is willing to invest in high-risk crypto and forex platforms (research)
• Demystifying Crypto and Forex CFD Trading: Platforms, FTDs, and Leads Explained
• Tech SEO Pro video course by Kristina Azarenko
• Practical mass vulnerability scanning using nuclei, naabu and subfinder