Are you actually vulnerable?
Confirm whether your systems are exposed — not just that a CVE exists. Paste a CVE ID and get a free, ready-to-run check in seconds.
What is Nuclei?
The free scanner behind every check on this page.
That's the whole idea — each CVE here hands you this command, pre-filled. Install Nuclei ↗
How it works
Latest high-severity CVEs you can verify
Newest critical/high vulnerabilities that ship a Nuclei template.
- CVE-2025-69189WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability7.3◎ 1
- CVE-2024-32949WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability8.3◎ 1
- CVE-2024-32729WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability7.5◎ 1
- CVE-2025-31013WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability7.1◎ 8
- CVE-2026-22343WordPress WordPress Dating Theme theme <= 11.2.0 - Broken Access Control vulnerability8.6◎ 1
- CVE-2026-22342WordPress WordPress Dating Theme theme <= 11.2.0 - Cross Site Request Forgery (CSRF) to Account Takeover vulnerability8.8◎ 1
- CVE-2026-22340WordPress WPJobster theme <= 6.3.5 - SQL Injection vulnerability9.3◎ 1
- CVE-2026-22339WordPress WPJobster theme <= 6.3.5 - Reflected Cross Site Scripting (XSS) vulnerability7.1◎ 1
Trending CVEs to verify now
What the security world is discussing right now — and can be checked with Nuclei.
- CVE-2026-20253↑ trendingUnauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk EnterpriseKEV◎ 1
- CVE-2026-48907↑ trendingJoomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5KEV◎ 1
- CVE-2026-4020↑ trendingGravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API◎ 1
- CVE-2026-39808↑ trendingA improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized co...◎ 1
- CVE-2026-35616↑ trendingA improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.KEV◎ 1
- CVE-2023-3519↑ trendingUnauthenticated remote code executionKEV◎ 1
- CVE-2025-24813↑ trendingApache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUTKEV◎ 1
- CVE-2025-5777↑ trendingNetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overreadKEV◎ 1
Frequently asked questions
Is Nuclei free?
Yes. Nuclei is free and open-source, maintained by ProjectDiscovery. There is nothing to buy to run the checks on this page.
Is it legal to scan?
Yes — when you scan systems you own or have permission to test. These checks verify your own exposure (detection), not attack others. Never run them against targets you do not control.
Do I need to be a security expert?
No. If you can paste a command into a terminal and swap in your own address, you can run a check. Each CVE gives you the exact command, ready to paste.
What does the check actually do?
It sends one or more requests to the target you specify and inspects the response to decide whether the vulnerability is present. Detection only — it does not change or break anything.
What if there is no template for my CVE?
Not every CVE has a published template yet. When one does not exist you cannot run an automated check here — a good moment to request a hands-on scan instead.
Nuclei vs a paid scan — what is the difference?
Running Nuclei yourself is free and fully in your control. A paid Scan is done for you — an external review of what is exposed, without you setting anything up.