The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 28 Jul 2014VU#867980Silver Peak VX is vulnerable to cross-site request forgery and cross-site scriptingMultiple CVEs
- 25 Jul 2014VU#394540Sabre AirCentre Crew solutions contain a SQL injection vulnerabilityCVE-2014-4858
- 24 Jul 2014VU#565580BulletProof FTP Client 2010 is vulnerable to a stack-based buffer overflowCVE-2014-2973
- 24 Jul 2014VU#669804TestRail cross-site scripting vulnerabilityCVE-2014-4857
- 23 Jul 2014VU#162308Resin Pro improperly performs Unicode transformationsCVE-2014-2966
- 21 Jul 2014VU#875548MicroPact iComplaints cross-site scripting vulnerabilityCVE-2014-2971
- 21 Jul 2014VU#688812Huawei E355 contains a stored cross-site scripting vulnerabilityCVE-2014-2968
- 14 Jul 2014VU#204988Kaseya's agent driver contains NULL pointer dereferenceCVE-2014-2926
- 11 Jul 2014VU#917348Datum Systems satellite modem devices contain multiple vulnerabilitiesMultiple CVEs
- 10 Jul 2014VU#712660Raritian PX power distribution software is vulnerable to the cipher zero attack.CVE-2014-2955