Added per Day ø
Updated per Day ø
Commits per Day ø
Number one vulnerability management and threat intelligence platform documenting and explaining vulnerabilities since 1970.
Vulnerability of the Day
Huawei EMUI/Magic UI hwKitAssistant improper authentication
A vulnerability was found in Huawei EMUI and Magic UI. It has been classified as critical. This affects an unknown part of the component hwKitAssistant. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2023-0117. Access to the local network is required for this attack to succeed. There is no exploit available.
Our unique Cyber Threat Intelligence aims to determine the ongoing research of APT actors to anticipiate their acitivities. The CTI team is mapping structures of countries and their relationships to identify tensions and possible attack scenarios. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and social media exchanges makes it possible to identify planned attacks. The Threat Intelligence Platform (TIP) illustrates the interest of cybercriminals and state actors in real-time.
The moderation team is monitoring different sources 24/7 for the disclosure of information about new or existing vulnerabilitities. If a new issue is determined, additional data from other sources is collected and a new VulDB entry created. This entry is then pushed to customers, the web site and accessible via API and social media accounts. Please use the submit feature to suggest new sources and entries.
If the moderation team detects changes of existing vulnerabilities or new data of existing vulnerabilities are getting published, the old entries will be updated. This happens if needed and on a regular basis which concludes in a maximum of data quality. Every entry contains a timestamp of the last update and a change log of updated fields. Please use the edit feature to commit updates to existing entries.
CVSS Current Top
Top vulnerabilities with the highest CVSSv3 temp scores at the moment. The score is generated by separate values which are called vectors. Those vectors define the structure of the vulnerability. They rely on attack prerequisites and impact. The calculated score ranges between 0.0 and 10.0 whereas a high value declares a high risk. The main score is the base score which analyses the structure of the vulnerability only. The extended score called temp score introduces time-based aspects like exploit and countermeasure availability. Our moderators classify every entry to generate a CVSS score as accurate as posible.
Exploit Price Current Top
Top vulnerabilities with the highest exploit price at the moment. These price estimations are calculated prices based on mathematical algorithm. This algorithm got developed by our specialists over the years by observing the exploit market structure and exchange behavior of involved actors. It allows the prediction of generic prices by considering multiple technical aspects of the affected vulnerability. The more technical details are available the higher the accuracy of the reproducable approximation.
Exploits are small tools or larger frameworks which help to exploit a vulnerability or even fully automate the exploitation. The development of exploits takes time and effort which is why an exploit market exists. By observing the market structure it is possible to determine current and to forecast future prices. This information might influence a risk assessment.
Some resarcher or news outlet provide videos discussing vulnerabilities, their possible exploitation or recommended countermeasures. Adding these videos to the vulnerability entries helps users to understand issues and how to address them properly. VulDB is linking to different external video sources and is therefore not responsible for their respective contents.
Interested in the pricing of exploits?
See the underground prices here!