CVE Tools
Detection, not speculation · Nuclei + OpenVAS

Am I actually vulnerable?

Paste a CVE ID and get the exact detection check to run against your own systems — a ready-to-run Nuclei command or the OpenVAS NVT OID with a GMP query to confirm a host is affected.

Free · runs locally · no signup

scanner coverage live
151,496CVEs you can self-check
detectable today by Nuclei or OpenVAS
Nuclei0
OpenVAS119,327
In CISA KEV
0
Newest check added
Nuclei 5d ago
OpenVAS 4d ago
Prefer we run it? Managed external scan
Running the check once is easy — the work is knowing every asset it applies to and re-running it as your surface shifts. We do continuous external scanning across your public IPs and domains and report only what's actually exposed. External-only, non-intrusive, no agents.
Scan my external estate

Latest high-severity CVEs you can verify

Newest critical/high vulnerabilities a scanner can check — Nuclei or OpenVAS.

Trending CVEs to verify now

What the security world is discussing right now — and can be checked with a scanner.

CVE-2026-35273↑ trendingKEV◎ 1

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily explo...

CVE-2025-61882↑ trendingKEV◎ 1

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploita...

CVE-2017-10271↑ trendingKEV◎ 1

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2....

CVE-2025-61884↑ trendingKEV◎ 1

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allow...

CVE-2022-22956↑ trending◎ 1

VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism an...

CVE-2026-30958↑ trending◎ 1

OneUptime: Path Traversal — Arbitrary File Read (No Auth)

CVE-2025-30220↑ trending◎ 1

GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling

CVE-2025-29635↑ trendingKEV◎ 1

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibi...

Frequently asked questions

How do I check whether a host is affected by a CVE?

Enter the CVE ID above. If a scanner covers it, we hand you the exact check to run against your own target — a ready-to-run Nuclei command and/or the OpenVAS NVT OID with a GMP query to confirm the NVT is in your feed.

Is there a Nuclei template for this CVE, and how do I run it?

When an official ProjectDiscovery template exists we give you the template ID and a copy-ready command (nuclei -id <CVE> -u <target>). If no template is published yet, we say so plainly rather than fabricate one.

What is the OpenVAS NVT OID for a CVE and how do I confirm it?

We list the detecting NVT OID(s) and a GMP query (get_nvts nvt_oid=...) so you can confirm the NVT is present in your Greenbone feed at your feed version before trusting a clean result.

Does a positive detection mean the host is exploitable?

No. These are detection checks — they fingerprint the vulnerable condition (service, version, reachable endpoint), not exploitability. Cross-reference CISA KEV and EPSS to judge real-world risk.

What if no scanner covers the CVE I'm checking?

Not every CVE has a published Nuclei or OpenVAS check. When neither covers it, we tell you and point you to the affected products so you can check manually — or run a managed external scan and we'll confirm exposure for you.