All numbers are live. Our sync pipeline pulls vulnerability data from CVEProject, NVD, GHSA, CISA KEV, CSAF advisories, and other authoritative sources — enriched and scored automatically.
The latest critical vulnerabilities discovered in the wild. These CVEs scored 9.0+ on CVSS and were published in the last 24–48 hours. Each one is automatically enriched with exploit data, affected products, and ATT&CK mappings the moment it enters our pipeline.
6 new critical CVEs in the last 24 hours
WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability
WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability
Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x
Search across 335.4K CVEs by ID, description, vendor, CWE, or natural language query. Powered by semantic search — describe what you're looking for, and we'll find it.
CVE Tools is not just a database — it's a complete vulnerability intelligence workstation. Every CVE is enriched, linked, and queryable through multiple interfaces.
Continuously synced from the official CVEProject repository. Every record includes CVSS scores, affected products, CPE identifiers, CWE weaknesses, and full version range details. Filter by severity, vendor, date range, exploit availability, and more.
Automatically discovers and links proof-of-concept exploits from GitHub repositories, ExploitDB entries, and Metasploit modules. Know instantly which CVEs have weaponized code available — and how mature it is.
Community-maintained and AI-generated Nuclei scanner templates mapped to specific CVEs. Use them to validate whether your infrastructure is affected, or generate new templates with the AI assistant.
Every CVE includes its EPSS (Exploit Prediction Scoring System) score from FIRST.org, updated regularly. Prioritize remediation by real-world exploit probability — not just theoretical severity.
Tracks the Known Exploited Vulnerabilities catalog maintained by CISA. Flag CVEs that are confirmed exploited in the wild and that US federal agencies are mandated to patch.
CISA CSAF 2.0 advisories covering IT vulnerabilities and OT/ICS industrial control systems. Includes remediation guidance, affected product details, and severity assessments for critical infrastructure.
Interactive visualization mapping products to CVEs to MITRE ATT&CK techniques and kill chain stages. Understand not just what's vulnerable — but how an attacker would chain it.
Chat with an AI security analyst about any CVE. Ask for impact analysis, get remediation recommendations, compare vulnerabilities, generate detection rules, or query the database in plain English.
Integrate CVE Tools into your workflow. Use the Model Context Protocol server with Claude, Cursor, or any MCP-compatible tool. Or call the REST API directly from your scripts, SIEM, or ticketing system.
From a searchable database with deep filters to an AI analyst you can talk to — every screen is built for security teams that need answers fast.
250,000+ CVEs with a sidebar packed with filters. Combine KEV status, exploit availability, EPSS range, CWE, vendor, attack vector, and date range. Sub-50ms results via Typesense.
This graph is built automatically from the 3 most recent critical CVEs in our database. It maps affected products through vulnerabilities to MITRE ATT&CK techniques and kill chain stages — showing not just what's broken, but how it could be exploited.
Dassault Systèmes/Magic Collaboration Studio
Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x
Tomdever/wpForo Forum
WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability
Rocketgenius Inc./Gravity Forms
WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability
This graph updates automatically when new critical CVEs are discovered and enriched.
We continuously scan multiple exploit sources and link them to CVEs in our database. When a new proof-of-concept appears on GitHub, a Metasploit module gets published, or a Nuclei template is created — we pick it up and connect it to the right vulnerability automatically.
Exploit data is refreshed alongside CVE sync. New links appear within hours of public disclosure.
Our database covers CVEs from 1999 to present. The chart below shows accepted CVE counts by publication year. The current year updates in real time as new vulnerabilities are published and synced.
The most frequently affected vendors in our database — and counting.
CVE Tools aggregates, enriches, and structures vulnerability data from authoritative sources. Every record passes through our parsing, scoring, and enrichment pipeline before entering the database.
Official CVE database from CVE Numbering Authorities. Synced from GitHub repository.
NIST National Vulnerability Database. CVSS scoring, CPE matching, and CWE classification.
Russian FSTEC vulnerability database. Independent severity assessments and remediation data.
GitHub Security Advisories. OSV-format advisories with ecosystem-specific impact data.
ProjectDiscovery scanner templates. Actionable detection rules linked to CVEs.
CISA CSAF 2.0 advisories for IT and OT/ICS. Industrial control systems security guidance.
CISA Known Exploited Vulnerabilities catalog. Confirmed active exploitation in the wild.
OSV, VulnDB, and ZDI integrations are in development. New sources are added as modular pipeline stages.
Each CVE is parsed, scored by CVSS, classified by priority, matched to affected products via CPE, and enriched with exploit and threat intelligence data.
Only CVEs meeting the severity threshold (CVSS ≥ 7.0 by default) are accepted into the database. Reserved and disputed entries are excluded.
Distribution across 335,382 accepted CVEs
Create a free account to access the full CVE database, AI-powered analysis, exploit intelligence, attack surface visualization, and API integrations. No credit card required.