The Vulnerability Notes Database provides timely information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 16 Jun 2015VU#155412Samsung Galaxy S phones fail to properly validate SwiftKey language pack updatesMultiple CVEs
- 16 Jun 2015VU#842780Vesta Control Panel is vulnerable to cross-site request forgeryCVE-2015-2861
- 16 Jun 2015VU#626420Pearson ProctorCache contains hard coded credentialsCVE-2015-0972
- 15 Jun 2015VU#101500Retrospect Backup Client uses weak password hashingCVE-2015-2864
- 10 Jun 2015VU#555984Avigilon Control Center is vulnerable to path traversalCVE-2015-2860
- 09 Jun 2015VU#810572CUPS print service is vulnerable to privilege escalation and cross-site scriptingMultiple CVEs
- 08 Jun 2015VU#595884Aptexx Resident Anywhere exposes sensitive account informationCVE-2014-4882
- 08 Jun 2015VU#924506Toshiba 4690 OS contains an information disclosure vulnerabilityCVE-2014-4876
- 08 Jun 2015VU#301788Toshiba CHEC contains a hard-coded cryptographic keyCVE-2014-4875
- 04 Jun 2015VU#264092McAfee ePolicy Orchestrator fails to properly validate SSL/TLS certificatesCVE-2015-2859