Am I actually vulnerable?
Paste a CVE ID and get the exact detection check to run against your own systems — a ready-to-run Nuclei command or the OpenVAS NVT OID with a GMP query to confirm a host is affected.
Latest high-severity CVEs you can verify
Newest critical/high vulnerabilities a scanner can check — Nuclei or OpenVAS.
Gitea Composer package source links use insufficient permission checks
Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints
YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure
SiYuan: Path Traversal via Double URL Encoding in /assets/*path (publish mode arbitrary file─read)
LobeHub: Unauthenticated SSRF in `/webapi/proxy`
WordPress JobBank plugin <= 1.2.3 - Broken Access Control vulnerability
WordPress Integrate Google Drive plugin <= 1.3.8 - Broken Access Control vulnerability
WordPress ChatBot Conversational Forms plugin <= 1.1.8 - Arbitrary File Download vulnerability
Trending CVEs to verify now
What the security world is discussing right now — and can be checked with a scanner.
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily explo...
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploita...
Langflow < 1.3.0 Unauthenticated RCE via /api/v1/validate/code
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
Authentication bypass
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
Microsoft SharePoint Server Remote Code Execution Vulnerability
Frequently asked questions
How do I check whether a host is affected by a CVE?
Enter the CVE ID above. If a scanner covers it, we hand you the exact check to run against your own target — a ready-to-run Nuclei command and/or the OpenVAS NVT OID with a GMP query to confirm the NVT is in your feed.
Is there a Nuclei template for this CVE, and how do I run it?
When an official ProjectDiscovery template exists we give you the template ID and a copy-ready command (nuclei -id <CVE> -u <target>). If no template is published yet, we say so plainly rather than fabricate one.
What is the OpenVAS NVT OID for a CVE and how do I confirm it?
We list the detecting NVT OID(s) and a GMP query (get_nvts nvt_oid=...) so you can confirm the NVT is present in your Greenbone feed at your feed version before trusting a clean result.
Does a positive detection mean the host is exploitable?
No. These are detection checks — they fingerprint the vulnerable condition (service, version, reachable endpoint), not exploitability. Cross-reference CISA KEV and EPSS to judge real-world risk.
What if no scanner covers the CVE I'm checking?
Not every CVE has a published Nuclei or OpenVAS check. When neither covers it, we tell you and point you to the affected products so you can check manually — or run a managed external scan and we'll confirm exposure for you.