CVE by Category – Types of Public Vulnerabilities

Vendors and Products

CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.

Identify security flaws by type: injection, XSS, privilege escalation, ...

You can explore CVE (Common Vulnerabilities and Exposures) by category using CWE (Common Weakness Enumeration), which classifies software weaknesses into types such as injection, cross-site scripting (XSS), or memory management flaws. This approach helps identify security risks more efficiently, link to relevant CAPEC attack patterns, and prioritize vulnerabilities based on CVSS and EPSS scores, as well as their impact on the attack surface.

Notifications on CVE

Stay informed of any changes or new CVE.

Notifications manage



CVE ID	Published Modified	Description	Score	Severity	EPSS?	CISA?

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.

CVE Vulnerabilities Grouped by Weakness Category (CWE)

Identify security flaws by type: injection, XSS, privilege escalation, ...