Beyond security
Language
No results found for ""
Try different keywords or check spelling
Search in CVE database, posts & pages • Press ESC to close
No results found for ""
Try different keywords or check spelling
Search in CVE database, posts & pages • Press ESC to close
Vulnerability Database & Cybersecurity Intelligence Platform
Real-time CVE vulnerability tracking, CVSS scoring, CISA KEV alerts, and EPSS data to protect your infrastructure from emerging threats.
Highest priority threats requiring immediate attention
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a…
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field is not…
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an…
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.
All the tools you need to monitor, analyze, and respond to vulnerabilities
Access 237,293+ vulnerabilities with CVSS scores, technical details, and affected products.
Prioritize vulnerabilities with CVSS v3.1 severity scores and EPSS exploit probability data.
Track vulnerabilities by vendor: Microsoft, Google, Apple, Linux, and thousands more.
Search vulnerabilities by specific product and get alerts for the technologies in your stack.
Filter by severity, product, vendor, date, CWE type, and exploitation status.
Actively exploited vulnerabilities from the CISA Known Exploited Vulnerabilities catalog.
Most recently added CVEs to our database
A out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow…
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of…
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior…
nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the…
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in…
Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability…
Vendors and products with the highest number of reported vulnerabilities
Explore our comprehensive CVE vulnerability database and stay informed about the latest threats.