The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 08 Dec 2016, VU#494015: PHP FormMail Generator generates code with multiple vulnerabilities (Multiple CVEs)
- 07 Dec 2016, VU#768331: ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation (Multiple CVEs)
- 06 Dec 2016, VU#548487: BSD libc contains a buffer overflow vulnerability in link_ntoa() (CVE-2016-6559)
- 06 Dec 2016, VU#846103: Sungard eTRAKiT3 may be vulnerable to SQL injection (CVE-2016-6566)
- 30 Nov 2016, VU#791496: Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability (CVE-2016-9079)
- 21 Nov 2016, VU#633847: NTP.org ntpd contains multiple denial of service vulnerabilities (Multiple CVEs)
- 17 Nov 2016, VU#624539: Ragentek Android OTA update mechanism vulnerable to MITM attack (CVE-2016-6564)
- 16 Nov 2016, VU#346175: Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability (CVE-2016-6565)
- 07 Nov 2016, VU#677427: D-Link routers HNAP service contains stack-based buffer overflow (CVE-2016-6563)
- 25 Oct 2016, VU#974055: iTrack Easy contains multiple vulnerabilities (Multiple CVEs)