4 New Features
API for Initial Access Intelligence Snort and Suricata Signatures
Two API endpoints have been added for Initial Access Intelligence Snort and Suricata signatures.
CVE Search Updates
- Added functionality to help sanitize and validate the CVE ID.
- Revamped details page based on community feedback.
Community Browse powered by nist-nvd2
- You can now browse vulnerabilities powered by this index here
mitre-cve is now accessable via the community
13 new initial-access advisories
CrushFTP Arbitrary File Read via SSTI was added on Apr, 25 and is found in 1 product.
View more detail on CVE-2024-4040
D-Link NAS Command Injection was added on May, 4 and is found in 4 products.
View more detail on CVE-2024-3273
D-Link NAS Hard-Coded Credentials was added on May, 4 and is found in 4 products.
View more detail on CVE-2024-3272
Cacti cmd_realtime.php RCE Attempt was added on May, 16 and is found in 1 product.
View more detail on CVE-2024-29895
OpenMetadata JWT Bypass RCE was added on May, 12 and is found in 1 product.
View more detail on CVE-2024-28255
JetBrains TeamCity Authentication Bypass was added on May, 13 and is found in 1 product.
View more detail on CVE-2024-23917
Netgear VPN Configuration Backup RCE was added on May, 2 and is found in 2 products.
View more detail on CVE-2024-23690
Citrix NetScaler Information Disclosure (Memory Leak) was added on May, 16 and is found in 2 products.
View more detail on CVE-2023-6549
Struts Path Traversal RCE was added on May, 20 and is found in 1 product.
View more detail on CVE-2023-50164
Tinyproxy UAF was added on May, 12 and is found in 1 product.
View more detail on CVE-2023-49606
pgAdmin Validate Binary Injection was added on May, 14 and is found in 1 product.
View more detail on CVE-2022-4223
Apache Tomcat 'Ghostcat' File Leak was added on Apr, 30 and is found in 1 product.
View more detail on CVE-2020-1938
Apache Tomcat WebDAV Webshell Upload was added on Apr, 30 and is found in 1 product.
View more detail on CVE-2017-12617
15 new indices
CISA Vulnrichment
The CISA Vulnrichment project is the public repository of CISA's enrichment of public CVE records through CISA's ADP (Authorized Data Publisher) container. In this phase of the project, CISA is assessing new and recent CVEs and adding key SSVC decision points. Once scored, some higher-risk CVEs will also receive enrichment of CWE, CVSS, and CPE data points, where possible.
Rocky Errata
Rocky Errata is a collection of official notifications released by Rocky Linux to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
VMWare Security Advisories
VMWare security advisories are official notifications released by Broadcom to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
CERT IN Security Advisories
CERT IN security advisories are official notifications released by India's national CERT (Computer Emergency Response Team) to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Alpine Purls
Alpine purls is a collection of Alpine package purls with their associated versions and cves.
Arch Purls
Arch purls is a collection of Amazon package purls with their associated versions and cves.
Amazon Purls
Amazon purls is a collection of Amazon package purls with their associated versions and cves.
CentOS Purls
CentOS purls is a collection of CentOS package purls with their associated versions and cves.
ChainGuard Purls
ChainGuard purls is a collection of ChainGuard package purls with their associated versions and cves.
Browse the chainguard-purls index
OpenEuler Purls
OpenEuler purls is a collection of open euler package purls with their associated versions and cves.
Browse the openeuler-purls index
Rocky Purls
Rocky purls is a collection of rocky package purls with their associated versions and cves.
Suse Purls
Suse Purls is a collection of debian package purls with their associated versions and cves.
Wolfi Purls
Wolfi Purls is a collection of wolfi package purls with their associated versions and cves.
Debian Purls
Debian Purls is a collection of debian package purls with their associated versions and cves.
Cert SE Security Advisories
CERT SE security advisories are official notifications released by Sweden's national CSIRT (Computer Security Incident Response Team) to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
- 29 new Initial Access advisories
- 16 New indices
- 4 New Features
- 13 new Initial Access advisories
- 15 New indices
- 13 New indices
- 11 new Initial Access entries
- New Initial Access features
- 3 New indices including Microsoft KB list by CVE
- 5 new Initial Access entries
- Upgraded dashboard, and the VulnCheck KEV Browser
- 6 New indices including OpenCloud Vulnerability & Security Issue Database
- 5 New Initial Access artifacts
- New Features
- 3 New Advisories
- 10 New Indices
- CVE Browser
- 4 new Initial Access advisories
- New query parameters for the ipintel-* IP Intelligence indexes and more
- 33 new indices including Microsoft Security Updates
- Introducing VulnCheck IP Intelligence
- 5 new Initial Access advisories
- 17 new indices
- Recent IA activity including Apache Druid Log4Shell and ownCloud graphapi
- 17 new Indices including LG security, and several Apache projects
- 20 new Indices including mitre-attack-cve, botnets, and ransomware
- 5 new Indices including osv and cbl-mariner
- New Changelog Initial Access Details
- 20 new indices including nokia, blackberry, and iava
- Search for aliases in all indices
- 30 new indices including checkpoint, jetbrains, and bitdefender
- New indices: epss, vulnerability-aliases, and threat-actors
- More Indices: kubernetes, rustsec-advisories, hashicorp, wolfssl, zoom, and salesforce
- New Documentation Portal
- 64 New Indices
- New Index: vulncheck-nvd2 - NIST NVD V2.0 data supplemented with VulnCheck Data
- New Indices: twcert, vde, watchguard, vyaire, and ubiquiti
- New Indices: usom, zimba, zyxel, yokogawa, nodejs, and hkcert
- We have a booth at BlackHat. Come say hi!
- New Indices: schneider-electric, dell, arch, debian, rocky, and wolfi
- Fixes to the github-exploits backup
- New Indexes: vulncheck-nvd, eol and many more
- New Indexes: nist-nvd and many more
- Multi-region support for backups
- Portal Feature: Employee Invitations
- New package managers for PURL queries
- 13 New Indexes
- OPAM, Wolfi and Swift support for PURL queries
- New V3 Exploits Index
- About 25+ more Indices
- We are now a CVE Numbering Authority
- Postman collection support
- New package managers added to our PURL support
- Providing Fixed Version in OS package manager support
- New package types support for PURL: Maven, PHP, Ruby, and Rust
- 5 New Indices: ABB, AlmaLinux, Alpine Linux, AWS and Apple
- New Endpoint: Request vulns related to a PURL
- Snort Rule added to initial-access index
- New Endpoint: Request vulns related to a CPE
- New Index: Debian Security Tracker
- Welcome to the VulnCheck Changelog
- New Indices: CNVD Flaws and CNVD Bulletins
