CVEDigest

CVEDigest

Plain-English CVE explainers and a known-exploited-vulnerability timeline.

CVEDigest turns dense CVE records into plain-English explainers. For each vulnerability we show the CVSS severity, the affected vendor and product, a jargon-free summary of how it is exploited, and the concrete remediation step. Our catalog is anchored to the CISA Known Exploited Vulnerabilities (KEV) list — flaws with confirmed real-world exploitation — so it works as a patch-priority shortlist, not just an archive. Currently tracking 40 high-impact CVEs, 8 with known ransomware use.

Source: CISA Known Exploited Vulnerabilities Catalog. Data as of 2026-06-13.

Start here

CVE explainer catalog

Browse every tracked CVE with severity, products and fixes.

 KEV timeline

Actively-exploited vulnerabilities, newest first, with due dates.

 CVSS severity guide

What None to Critical scores mean — and why severity ≠ risk.

 Methodology

Our sources, refresh cadence and known limitations.

Recently added to KEV

CVE-2026-35273

Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability

CVE-2026-10520

Ivanti Sentry OS Command Injection Vulnerability

CVE-2026-11645

Google Chromium V8 Out-of-Bounds Read and Write Vulnerability

CVE-2026-7473

Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability

CVE-2026-20245

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

CVE-2026-42271

BerriAI LiteLLM Command Injection Vulnerability

Latest from the blog

CVE vs NVD vs CWE vs CPE: vulnerability acronyms explained

Confused by CVE, NVD, CWE and CPE? A plain-English guide to what each vulnerability database and standard does, who runs them, and how they fit together.

 How a CVE goes from disclosure to exploitation: the lifecycle

The lifecycle of a vulnerability from discovery and coordinated disclosure to CVE assignment, public advisory, exploitation in the wild, and addition to the CISA KEV catalog.

 CVSS scores explained for non-experts (0.0 to 10.0)

A plain-English guide to CVSS scores: what 0.0 to 10.0 means, the None-to-Critical bands, base vs temporal vs environmental metrics, and why severity is not risk.

Read all articles →

What this site is

CVEDigest publishes fast, free, static reference pages in the cybersecurity vulnerabilities space. Every page loads instantly, shows its sources, and links to the authoritative CISA and NVD records. We do not sell scanning, agents, or alerts — we explain. See our methodology for how the data is produced and refreshed, and our disclaimer before acting on any entry.