CVE Tools

Know which vulnerabilitiesactually matter to you.

Discover what's targeting Oracle PeopleSoft

42,944Critical
1,630CISA KEV
65,358With Exploits
151,496Scanner-Checkable

A live database of 342.8K vulnerabilities — 65.4K linked to public exploit code and 1.6K confirmed exploited (CISA KEV). Continuously synced from NVD, GHSA, CISA KEV, and CSAF advisories — enriched with EPSS scores, exploit links, Nuclei & OpenVAS scanner checks, and MITRE ATT&CK mappings. Ranked by real-world exploitation, and filtered to the software you actually run.

Every day, security information is published everywhere.

Vulnerability intelligence lives in dozens of places at once — each with its own format, feed and update cadence.

NVD
CISA KEV
GitHub
Reddit
Security blogs
Vendor advisories
Researchers
Exploit DBs

Having all these sources isn't the problem. Bringing them together — and knowing what actually matters — is.

Multiple intelligence sources, one place.

We collect, connect and enrich every source into a single page per CVE. No ten open tabs.

Everything you need about a vulnerability.

One CVE. Every source we track about it — joined on a single page.

CVE-2025-XXXXX

A single page that joins every source below — no ten tabs, no manual research.

CVSS 9.1KEVScannable
Description
Plain-language + AI summary
EPSS
94th percentile · 30-day trend
CISA KEV
Actively exploited
Discussions
Tracked across 12 threads
Exploits
3 public PoCs linked
References
Advisories & write-ups
Products
Affected products & versions
Vendors
Normalized vendor data
Timeline
Published → KEV → exploit
Scanner
Nuclei / OpenVAS coverage

Find exploitable CVEs in milliseconds

KEV, exploits, EPSS, CWE, vendor, attack vector — combine any filter over 250K+ CVEs. Sub-50ms.

cve.tools/cves
apache authentication bypass⌘K
847 results
CVE IDVendor / ProductCVSSEPSSFlags
CVE-2025-21298
Microsoft
Windows OLE
9.894.2%
KEVEXPNUC
CVE-2025-0282
Ivanti
Connect Secure
9.089.1%
KEVEXPNUC
CVE-2024-55591
Fortinet
FortiOS SSL-VPN
9.676.3%
KEVNUC
CVE-2024-49113
Apache
Struts 2.x
8.141.7%
EXP
CVE-2024-47575
Fortinet
FortiManager
9.888.0%
KEVEXP
CVE-2024-38094
Microsoft
SharePoint Server
7.237.5%
KEVEXP
847 results · page 1 of 85
12385
Get started — it's free One-click GitHub sign-in · no credit card

What's discussed now

The CVEs the security world is talking about right now — ranked, with why they matter.

All news

Stop scanning 250,000 CVEs. Watch the ones that matter to you.

Import the software you run and get a live feed of exploited vulns, KEV entries and public exploits for your exact products — then act on the few that matter and defer the rest with a defensible record.

  • Import once
    Host scan, SBOM, or a single CLI command — cvetools resolves your software to canonical products.
  • Only what hits you
    Per-product CVE, CISA-KEV and public-exploit counts — ranked, no 250K-row noise.
  • Decide with proof
    Act on the few that meet your cut-line, defer the rest with a frozen audit trail — and they auto-escalate if they cross the line.
  • Told when it matters
    Get alerted the moment a new exploited vulnerability lands on something you run.
You track Apache HTTP Server — then, without lifting a finger:
3 new CVEs1 added to KEVEPSS 0.08 → 0.71lands in Act now
One alert, one decision — act now, or defer with proof.
Add your stack — free One-click GitHub sign-in · no credit card
5 products|4 with KEV|5 with exploit|1 unmatched
Matched 5Unmatched 1
Search product, vendor, package…
KEV onlyHas exploitAll sources ▾
ProductVendorVersionSourceCVEsKEVExploit
ciscociscoos-scan6,814983,177
FortiOSfortinet7.4.1sbom1,1272641
opensslopenssl3.0.11os-scan299134
nginxnginx1.24.0manual627
httpdapache2.4.58sbom188219
1–5 of 5 · ranked by exploitability1 / 1

You track CVEs. Do you know which of your systems are exposed to them right now?

A free external review — from the attacker's side. We map your exposed services, forgotten systems and employee passwords found in breaches. No install, no access to your systems, no obligation.

Just your primary domain to begin · reviewed by practicing pentesters

Sample exposure report
redacted
3 exposed RDP hostsreachable
1 forgotten staging serverunpatched
4 employee passwords in breach dumpsleaked
2 expired TLS certificatestrust
full report delivered privately after review

Search finds a page. cve.tools gives you the whole picture.

CapabilityTraditional CVE databasecve.tools
CoverageNVD only 8+ sources merged per CVE
Exploitation signal EPSS + CISA KEV + public exploits
Discussion & chatter Reddit, blogs, advisories tracked
Your softwareManual lookup Filtered to your product stack
FreshnessBatch updates Continuously synced, every day
AccessA web page Web + REST API + MCP
342.8K
Total CVEs
Accepted into database
42.9K
Critical
CVSS ≥ 9.0
65.4K
With Exploits
Linked to PoC or exploit code
1.6K
In CISA KEV
Known Exploited Vulnerabilities
17.1K
High EPSS
Exploit probability > 10%
151.5K
Scanner Coverage
CVEs you can verify with Nuclei or OpenVAS
601
Discussions
Security news & threads tracked
3.8K
Advisories
Vendor & CSAF advisories

All numbers are live. Our sync pipeline pulls vulnerability data from CVEProject, NVD, GHSA, CISA KEV, CSAF advisories, and other authoritative sources — enriched and scored automatically.

Everything you need to work with vulnerabilities

CVE Tools is not just a database — it's a complete vulnerability intelligence workstation. Every CVE is enriched, linked, and queryable through multiple interfaces.

Threat Radar

Threats ranked by real-world signal — exploitation, KEV, EPSS and news attention — in one Act-now queue.

My Stack — Personal Threat Console

Import the software you run and track only the CVEs, KEV entries and exploits that actually hit your products.

CVE Database

Live mirror of NVD and the official CVEProject feed with CVSS, affected products, CPEs, and CWE weaknesses.

Exploit Intelligence

Auto-linked PoCs from GitHub, ExploitDB, and Metasploit, with maturity signals on each entry.

CISA KEV Tracking

Live overlay of the Known Exploited Vulnerabilities catalog — what is actively abused and mandated to patch.

EPSS Scoring

FIRST.org exploit-probability scores on every CVE. Prioritise by likelihood, not just severity.

Scanner Coverage

Nuclei and OpenVAS detection checks mapped to specific CVEs — confirm exposure yourself, or let us scan for you.

CSAF Advisories

CISA CSAF 2.0 advisories for IT and OT/ICS, with remediation guidance and product-level severity.

Semantic Search

Sub-50ms faceted and vector search across 250K+ CVEs — by vendor, product, CWE, attack vector and more.

Trends & Sector Intelligence

Monthly trend reports and AI vendor/sector tagging — see where the threat landscape is moving.

Security News & Pulse

Curated security news with an attention layer — what the industry is actually discussing right now.

MCP, REST API & CLI

Plug in via MCP (Claude, Cursor), call the REST API from scripts, or run cvetools from your terminal.

July 2026
in numbers

One snapshot of where vulnerabilities moved this month — volume, severity, KEV velocity, top vendors and CWEs. New report on the 1st.

Open monthly report
0
— YoY · proj
0
0.0% of total · so far
0
CISA known exploited
-100.0%
projected MoM
projected — month still in progress

Where the data comes from

CVE Tools aggregates, enriches, and structures vulnerability data from authoritative sources. Every record passes through our parsing, scoring, and enrichment pipeline before entering the database.

NVD
3d ago
362.3K

NIST National Vulnerability Database. CVSS scoring, CPE matching, and CWE classification.

BDU FSTEC
Jun 23, 2026
89.6K

Russian FSTEC vulnerability database. Independent severity assessments and remediation data.

CISA CSAF
5d ago
3.8K

CISA CSAF 2.0 advisories for IT and OT/ICS. Industrial control systems security guidance.

CISA KEV
3d ago
1.6K

CISA Known Exploited Vulnerabilities catalog. Confirmed active exploitation in the wild.

CVEProject / cvelistV5
3d ago
356.7K

Official CVE database from CVE Numbering Authorities. Synced from GitHub repository.

GHSA
3d ago
32.6K

GitHub Security Advisories. OSV-format advisories with ecosystem-specific impact data.

Nuclei Templates
4d ago
115.7K

ProjectDiscovery scanner templates. Actionable detection rules linked to CVEs.

OpenVAS NVTs
14h ago
224.3K

Greenbone/OpenVAS NVT checks (by OID). Detection scripts linked to CVEs — the widest open-source scanner coverage.

More sources

OSV, VulnDB, and ZDI integrations are in development. Suggest a source you'd like to see next.

Total source records1.2M

Years of vulnerability data, continuously growing

Coverage from 1999 to present, by publication year. The current year updates in real time as new vulnerabilities are published and synced.

2021
20,544
2022
25,235
2023
29,006
2024
40,027
2025
46,882
2026
33,578

Attack surface in real time

This graph is built from the 5 most-discussed vulnerabilities right now — the CVEs drawing the most attention across security news. It maps affected products through vulnerabilities to MITRE ATT&CK techniques and kill chain stages, showing not just what's broken, but how it could be exploited.

Latest Critical CVEs & Attack Paths

CVE-2026-468179.8

oracle/e-business suite

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al...

T1190 Exploit Public-Facing ApplicationT1078 Valid AccountsT1068 Exploitation for Privilege Escalation
CVE-2025-618829.8

oracle/concurrent processing

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploita...

T1190 Exploit Public-Facing ApplicationT1078 Valid Accounts
CVE-2025-670389.8

lantronix/eds5008 firmware

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the c...

T1059 Command and Scripting InterpreterT1190 Exploit Public-Facing Application
CVE-2026-3490910.0

ubiquiti inc/efg

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an u...

T1083 File and Directory DiscoveryT1005 Data from Local System
CVE-2026-352739.8

oracle/peoplesoft enterprise peopletools

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily explo...

T1190 Exploit Public-Facing ApplicationT1078 Valid Accounts

This graph refreshes automatically as new vulnerabilities start trending across security news.

Stop checking vulnerability websites. Start following what matters.

Free to explore. Create an account to track your stack and get alerted the moment your risk changes.