Vulnerability Intelligence
at Your Fingertips

Aggregate CVE data from NVD, CISA KEV, EPSS, GitHub, and EUVD — all in one place.

1,608
CISA KEV Entries
5+
Data Sources
Live
Real-time Data

Trending Vulnerabilities

CVE-1999-1467

Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.

10.0
CVSS
5.8%
EPSS
CVE-1999-1493

Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().

10.0
CVSS
3.5%
EPSS
CVE-1999-1059

Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

10.0
CVSS
3.2%
EPSS
CVE-1999-1395

Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.

7.2
CVSS
2.1%
EPSS
CVE-1999-1506

Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.

7.5
CVSS
0.9%
EPSS
CVE-1999-1115

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

7.2
CVSS
0.9%
EPSS

Recent CISA KEV Additions

CVE-2024-21182

WebLogic Server – Oracle

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

KEV
2026-06-01
CVE-2026-0257

PAN-OS – Palo Alto Networks

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

KEV
2026-05-29
CVE-2026-48027

Nx Console – Nx

Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.

KEV
2026-05-27
Ransomware
CVE-2026-45321

TanStack – TanStack

TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.

KEV
2026-05-27
Ransomware
CVE-2026-8398

Daemon Tools Lite – Daemon

Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.

KEV
2026-05-27
CVE-2026-48172

cPanel Plugin – LiteSpeed

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.

KEV
2026-05-26
CVE-2026-9082

Core – Drupal

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.

KEV
2026-05-22
CVE-2025-34291

Langflow – Langflow

Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.

KEV
2026-05-21
View full dashboard →