Sign in Get a demo

Search the entire CVE corpus by dozens of filters.

When the question is "find every CVE matching these specific criteria," generic CVE databases and search engines fall short. Vulnerability Search runs queries against the full CVE corpus enriched with EPSS, CISA KEV, CWE, and CAPEC, with filters for technology, vendor, product, version, severity, and target asset.

Request a demo Get a free threat exposure report
WHAT THIS DOES

Structured CVE search across the enriched corpus.

Vulnerability Search exposes structured queries against the CVE corpus: filter by technology fingerprint (every CVE for nginx 1.18-1.20), by vendor (every Cisco CVE in 2024), by product (every Apache HTTPD CVE), by version range, by CVSS severity threshold, by CISA KEV status, by EPSS percentile, by CWE category. Combine filters as needed.

Beyond corpus queries, the vulnerability finder runs against specific targets: input an FQDN, an IP, or a URL, and get every CVE detected via web technology fingerprinting on that target. Useful for ad-hoc due-diligence on a single domain, IR scoping ("what could the attacker have exploited"), and pre-engagement research.

HOW IT WORKS

Three search modes, one CVE corpus.

Filter-based corpus queries combine arbitrary filters. Target-specific finder runs against any FQDN, IP, or URL. Per-CVE detail provides full enrichment for drill-down.

Filter-based corpus queries.

Combine filters: technology, vendor, product, version, CVSS threshold, EPSS percentile, KEV status, CWE category, publication date range. Each filter narrows the result set; combinations are arbitrary.

Target-specific vulnerability finder.

Input an FQDN, IP, or URL. Get every CVE detected via technology fingerprinting against that target, ranked by EPSS + KEV signal. Same fingerprinting that powers EASM's vulnerability detection, available as a one-shot query.

Per-CVE detail with full enrichment.

For any CVE, the detail view includes CVSS components, EPSS current and historical, CISA KEV status with date added, CWE class with parent/child relationships, CAPEC attack pattern links, exploit-availability indicators, and affected products list.

WHAT IT SURFACES

Examples of vulnerability search results and detail views.

Filter-based result sets

CVE result lists matching arbitrary combinations of filters, exportable for downstream consumption.

Target-scoped CVE list

Every CVE detected against an FQDN, IP, or URL, ranked by exploitation signal.

Per-CVE detail

Full CVSS, EPSS, KEV, CWE, and CAPEC enrichment for any CVE, including exploit-availability indicators.

Affected products list

Vendor / product / version triples affected by each CVE, supporting impact scoping.

Exploit availability indicator

Public-exploit and weaponization indicators where data exists.

EPSS history

Time-series EPSS scores per CVE, showing how prediction has shifted over time.

Cross-references

Links to related CVEs through shared CWE class or CAPEC pattern.

PART OF DSI

Search complements aggregate intelligence.

Vulnerability Search answers specific questions ("which CVEs match these criteria"). Vulnerability Intelligence answers structural questions ("how is this category trending"). The pattern mirrors Domain Search and Domain Intelligence. Together they cover the search-and-research surface for the CVE corpus, with Instant Lookups handling fast single-target queries.

DSI · VULNERABILITY INTELLIGENCE

Vulnerability Intelligence

Learn more DSI · DOMAIN SEARCH

Domain Search

Learn more DSI · INSTANT LOOKUPS

Instant Lookups

Learn more
← Back to DSI

“Filtering CVEs by EPSS, KEV, vendor, CWE, and exploitability all in one query cut our patch prioritization meetings down to a few hours. Engineering knows what to fix first because the math is in the search.”

— Vulnerability Manager, Energy Utility
CONTINUE EXPLORING

Explore the full platform.

EASM · EXTERNAL ATTACK SURFACE MANAGEMENT

See your entire attack surface. Act on what matters.

Continuous discovery and monitoring of every internet-facing asset, including subsidiaries and acquired companies.

See module CTI · CYBER THREAT INTELLIGENCE

See what’s exposed. Act before it’s exploited.

Dark-web monitoring, breach corpora, infostealer logs, and threat-actor activity tied to your organization.

See module BRP · BRAND RISK PROTECTION

Keep an eye on the internet. Protect your brand.

Lookalike domains, fake apps, fraudulent listings, and brand abuse caught in hours, not weeks.

See module TPRM · THIRD-PARTY RISK MANAGEMENT

Every third party carries risk. See all of it.

Continuous external monitoring of every approved vendor with the same depth as your own surface.

See module DSI · DEEP SEARCH AND INSIGHTS

Explore the entire internet. See every layer.

400M domains, 2B subdomains, 200B DNS records, 30B SSL certificates. All queryable directly.

See module
SEARCH THE CORPUS

Find CVEs matching your research criteria.

Book a demo. We'll run sample searches scoped to a technology, vendor, or target you bring.

Request a demo