The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
You can search the Vulnerability Notes Database or browse by several views. Help is available on database fields and customizing search queries. For example, you can search for specific information, such as the ten most recently updated vulnerabilities, a list of vulnerabilities that affect control systems, or a list of vulnerabilities discovered using the Basic Fuzzing Framework (BFF).
We also provide an archive of all public vulnerability information from our database.
To communicate with us about a specific vulnerability, please send email with the appropriate VU# number(s) in the subject line. To protect sensitive, non-public vulnerability information, please encrypt mail to the CERT PGP key.
We appreciate your comments and suggestions.
Recent Vulnerability Notes
- 28 Mar 2017VU#342303Pandora iOS app does not properly validate SSL certificatesCVE-2017-3194
- 21 Mar 2017VU#600671PCAUSA Rawether for Windows local privilege escalationCVE-2017-3196
- 16 Mar 2017VU#214283Commvault Edge contains a buffer overflow vulnerabilityCVE-2017-3195
- 15 Mar 2017VU#553503D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentialsMultiple CVEs
- 14 Mar 2017VU#834067Apache Struts 2 is vulnerable to remote code executionCVE-2017-5638
- 08 Mar 2017VU#305448D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerabilityCVE-2017-3193
- 08 Mar 2017VU#247016Flash Seats Mobile App for Android and iOS fails to validate SSL certificatesCVE-2017-3190
- 07 Mar 2017VU#355151ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilitiesMultiple CVEs
- 07 Mar 2017VU#608591PHP FormMail Generator generates code vulnerable to multiple issuesMultiple CVEs
- 06 Mar 2017VU#168699dotCMS contains multiple vulnerabilitiesMultiple CVEs