Know which vulnerabilities
actually matter to you.
Discover what's targeting Oracle PeopleSoft
A live database of 342.8K vulnerabilities — 65.4K linked to public exploit code and 1.6K confirmed exploited (CISA KEV). Continuously synced from NVD, GHSA, CISA KEV, and CSAF advisories — enriched with EPSS scores, exploit links, Nuclei & OpenVAS scanner checks, and MITRE ATT&CK mappings. Ranked by real-world exploitation, and filtered to the software you actually run.
Every day, security information is published everywhere.
Vulnerability intelligence lives in dozens of places at once — each with its own format, feed and update cadence.
Having all these sources isn't the problem. Bringing them together — and knowing what actually matters — is.
Multiple intelligence sources, one place.
We collect, connect and enrich every source into a single page per CVE. No ten open tabs.
Everything you need about a vulnerability.
One CVE. Every source we track about it — joined on a single page.
A single page that joins every source below — no ten tabs, no manual research.
Find exploitable CVEs in milliseconds
KEV, exploits, EPSS, CWE, vendor, attack vector — combine any filter over 250K+ CVEs. Sub-50ms.
What's discussed now
The CVEs the security world is talking about right now — ranked, with why they matter.
- 1CVE-2026-35273KEVNUCLEISUSTAINEDin-the-wildEPSS shift
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily explo...
9.8100 - 2CVE-2026-48558KEVSUSTAINEDin-the-wildKEV added
SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
10.098 - 3CVE-2026-46817SUSTAINEDin-the-wild
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al...
9.860 - 4CVE-2025-61882KEVNUCLEISUSTAINEDin-the-wild
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploita...
9.845 - 5CVE-2026-33825KEVSUSTAINEDin-the-wild
Microsoft Defender Elevation of Privilege Vulnerability
7.831 - 6CVE-2026-48844RISINGhypeexploit clicks
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has bee...
7.524 - 7CVE-2026-12569KEVSUSTAINEDin-the-wildviews
Remote Code Execution (RCE) vulnerability in Windchill PDMlink
9.818 - 8CVE-2026-20230KEVSUSTAINEDin-the-wildviews
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote atta...
8.618 - 9CVE-2017-10271KEVNUCLEISUSTAINEDviewsexplain
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2....
7.516 - 10CVE-2025-61884KEVNUCLEIRISINGin-the-wild
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allow...
7.516
Stop scanning 250,000 CVEs.
Watch the ones that matter to you.
Import the software you run and get a live feed of exploited vulns, KEV entries and public exploits for your exact products — then act on the few that matter and defer the rest with a defensible record.
- Import onceHost scan, SBOM, or a single CLI command — cvetools resolves your software to canonical products.
- Only what hits youPer-product CVE, CISA-KEV and public-exploit counts — ranked, no 250K-row noise.
- Decide with proofAct on the few that meet your cut-line, defer the rest with a frozen audit trail — and they auto-escalate if they cross the line.
- Told when it mattersGet alerted the moment a new exploited vulnerability lands on something you run.
You track CVEs. Do you know which of your systems are exposed to them right now?
A free external review — from the attacker's side. We map your exposed services, forgotten systems and employee passwords found in breaches. No install, no access to your systems, no obligation.
Just your primary domain to begin · reviewed by practicing pentesters
Search finds a page. cve.tools gives you the whole picture.
All numbers are live. Our sync pipeline pulls vulnerability data from CVEProject, NVD, GHSA, CISA KEV, CSAF advisories, and other authoritative sources — enriched and scored automatically.
Everything you need to work with vulnerabilities
CVE Tools is not just a database — it's a complete vulnerability intelligence workstation. Every CVE is enriched, linked, and queryable through multiple interfaces.
Threat Radar
Threats ranked by real-world signal — exploitation, KEV, EPSS and news attention — in one Act-now queue.
My Stack — Personal Threat Console
Import the software you run and track only the CVEs, KEV entries and exploits that actually hit your products.
CVE Database
Live mirror of NVD and the official CVEProject feed with CVSS, affected products, CPEs, and CWE weaknesses.
Exploit Intelligence
Auto-linked PoCs from GitHub, ExploitDB, and Metasploit, with maturity signals on each entry.
CISA KEV Tracking
Live overlay of the Known Exploited Vulnerabilities catalog — what is actively abused and mandated to patch.
EPSS Scoring
FIRST.org exploit-probability scores on every CVE. Prioritise by likelihood, not just severity.
Scanner Coverage
Nuclei and OpenVAS detection checks mapped to specific CVEs — confirm exposure yourself, or let us scan for you.
CSAF Advisories
CISA CSAF 2.0 advisories for IT and OT/ICS, with remediation guidance and product-level severity.
Semantic Search
Sub-50ms faceted and vector search across 250K+ CVEs — by vendor, product, CWE, attack vector and more.
Trends & Sector Intelligence
Monthly trend reports and AI vendor/sector tagging — see where the threat landscape is moving.
Security News & Pulse
Curated security news with an attention layer — what the industry is actually discussing right now.
MCP, REST API & CLI
Plug in via MCP (Claude, Cursor), call the REST API from scripts, or run cvetools from your terminal.
July 2026
in numbers
One snapshot of where vulnerabilities moved this month — volume, severity, KEV velocity, top vendors and CWEs. New report on the 1st.
Open monthly report →Where the data comes from
CVE Tools aggregates, enriches, and structures vulnerability data from authoritative sources. Every record passes through our parsing, scoring, and enrichment pipeline before entering the database.
NIST National Vulnerability Database. CVSS scoring, CPE matching, and CWE classification.
Russian FSTEC vulnerability database. Independent severity assessments and remediation data.
CISA CSAF 2.0 advisories for IT and OT/ICS. Industrial control systems security guidance.
CISA Known Exploited Vulnerabilities catalog. Confirmed active exploitation in the wild.
Official CVE database from CVE Numbering Authorities. Synced from GitHub repository.
GitHub Security Advisories. OSV-format advisories with ecosystem-specific impact data.
ProjectDiscovery scanner templates. Actionable detection rules linked to CVEs.
Greenbone/OpenVAS NVT checks (by OID). Detection scripts linked to CVEs — the widest open-source scanner coverage.
OSV, VulnDB, and ZDI integrations are in development. Suggest a source you'd like to see next.
Years of vulnerability data, continuously growing
Coverage from 1999 to present, by publication year. The current year updates in real time as new vulnerabilities are published and synced.
Attack surface in real time
This graph is built from the 5 most-discussed vulnerabilities right now — the CVEs drawing the most attention across security news. It maps affected products through vulnerabilities to MITRE ATT&CK techniques and kill chain stages, showing not just what's broken, but how it could be exploited.
Latest Critical CVEs & Attack Paths
oracle/e-business suite
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al...
oracle/concurrent processing
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploita...
lantronix/eds5008 firmware
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the c...
ubiquiti inc/efg
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an u...
oracle/peoplesoft enterprise peopletools
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily explo...
This graph refreshes automatically as new vulnerabilities start trending across security news.
Stop checking vulnerability websites.
Start following what matters.
Free to explore. Create an account to track your stack and get alerted the moment your risk changes.