Am I actually vulnerable?
Paste a CVE ID and get the exact detection check to run against your own systems — a ready-to-run Nuclei command or the OpenVAS NVT OID with a GMP query to confirm a host is affected.
Latest high-severity CVEs you can verify
Newest critical/high vulnerabilities a scanner can check — Nuclei or OpenVAS.
WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution
9Router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
9Router 0.4.41 - Unauthenticated API Exposure via /api/providers
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
Gitea Composer package source links use insufficient permission checks
WPBot <= 8.4.9 - Unauthenticated Stored Cross-Site Scripting via 'conversation' Parameter
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending CVEs to verify now
What the security world is discussing right now — and can be checked with a scanner.
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized co...
Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2....
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the Machine...
Cisco Small Business RV Series Routers Vulnerabilities
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.
Frequently asked questions
How do I check whether a host is affected by a CVE?
Enter the CVE ID above. If a scanner covers it, we hand you the exact check to run against your own target — a ready-to-run Nuclei command and/or the OpenVAS NVT OID with a GMP query to confirm the NVT is in your feed.
Is there a Nuclei template for this CVE, and how do I run it?
When an official ProjectDiscovery template exists we give you the template ID and a copy-ready command (nuclei -id <CVE> -u <target>). If no template is published yet, we say so plainly rather than fabricate one.
What is the OpenVAS NVT OID for a CVE and how do I confirm it?
We list the detecting NVT OID(s) and a GMP query (get_nvts nvt_oid=...) so you can confirm the NVT is present in your Greenbone feed at your feed version before trusting a clean result.
Does a positive detection mean the host is exploitable?
No. These are detection checks — they fingerprint the vulnerable condition (service, version, reachable endpoint), not exploitability. Cross-reference CISA KEV and EPSS to judge real-world risk.
What if no scanner covers the CVE I'm checking?
Not every CVE has a published Nuclei or OpenVAS check. When neither covers it, we tell you and point you to the affected products so you can check manually — or run a managed external scan and we'll confirm exposure for you.