The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 30 Sep 2015VU#693036Datalex airline booking software allowed authorization bypass for arbitrary usersCVE-2015-2858
- 24 Sep 2015VU#804060Cookies set via HTTP requests may be used to bypass HTTPS and reveal private informationUnknown
- 21 Sep 2015VU#374092Web Reference Database (refbase) contains multiple vulnerabilitiesMultiple CVEs
- 10 Sep 2015VU#906576Securifi Almond routers contains multiple vulnerabilitiesMultiple CVEs
- 09 Sep 2015VU#549807Impero Education Pro classroom management software vulnerable to remote code executionMultiple CVEs
- 03 Sep 2015VU#630872Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilitiesMultiple CVEs
- 03 Sep 2015VU#845332OrientDB and Studio prior to version 2.1.1 contain multiple vulnerabilitiesMultiple CVEs
- 01 Sep 2015VU#903500Seagate and LaCie wireless storage products contain multiple vulnerabilitiesMultiple CVEs
- 31 Aug 2015VU#201168Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilitiesMultiple CVEs
- 31 Aug 2015VU#361684Router devices do not implement sufficient UPnP authentication and securityUnknown