Launching today!. Volerion transforms raw CVEs into structured and instant insights. #CVE #CyberSecurity #infosec

🚨 CVE-2025-53643: AIOHTTP’s pure-Python parser lets attackers smuggle HTTP requests, slipping past proxies or WAFs. Upgrade to 3.12.14+ ASAP! Full advisory ➡️ #Python #infosec #AppSec.

🚨 CVE-2025-1220: PHP’s fsockopen() can be tricked with a null byte, allowing unauthenticated SSRF. Patch to 8.1.33 / 8.2.29 / 8.3.23 / 8.4.10 now! Full advisory ➡️ #PHP #infosec #AppSec.

🚨 CVE-2025-6491: A crafted SOAP message with an oversized XML namespace can crash PHP remotely, no login needed. Patch to 8.1.33 / 8.2.29 / 8.3.23 / 8.4.10 to keep sites online! Full advisory ➡️ #PHP #infosec #DevOps.

🚨 CVE-2021-4458: Unauthenticated SQL injection in Modern Events Calendar Lite lets attackers read your WordPress database. Patch to 6.4.0+ now! Full advisory ➡️ #WordPress #infosec #AppSec.

🚨 CVE-2020-36847: Unauthenticated file upload in Simple File List lets attackers run code on your WordPress server. Exploit is in the wild. Update to 4.2.3+ now! Full advisory ➡️ #WordPress #infosec #AppSec.

🚨 CVE-2025-6970: Events Manager plugin for WordPress has an unauthenticated SQL injection via the orderby parameter. Update to 7.0.4 or 6.6.5 ASAP! Full advisory ➡️ #WordPress #infosec #AppSec.

But how does this actually work? We explain the technical details in our blog at

Our models identified the correct product (CPE), versions (semver) and gathered remediation options. This data is available through our API within minutes after a CVE is published.

🚨 CVE-2025-49005: Cache poisoning in Next.js App Router & Vercel CLI can swap HTML for React Server Components, breaking pages for all visitors. Upgrade to Next.js 15.3.3 + Vercel CLI 42.2.0 and redeploy. More info ➡️ #Nextjs #infosec #webdev.

Although the framework is popular mainly in mainland China, many ERP deployments expose the vulnerable endpoint to the internet. Read more at our blog:

🚨 CVE-2025-34039: Unauthenticated BeanShell servlet in Yonyou UFIDA NC ≤6.5 lets attackers run arbitrary code on your server. Patch from Yonyou ASAP! More info ➡️ #infosec #ERP #AppSec.

You can expect a handful of blog posts each month, deep diving into the highest scoring CVEs. From root causes, to exploits to remediation. We will cover it.

We just launched our blog!.

RT @rub003: CVSS can be confusing. Therefore, I've created a CVSS calculator with lots of information (click the ? icons) and even a guided….

@MITREcorp @FIRSTdotOrg @CISAgov Shout out to BBAC!.

@MITREcorp @FIRSTdotOrg @CISAgov This is only the start of our journey. We are actively working on a revised CVSS strategy (this is going to be amazing!), additional data sources and even more comprehensive product matching. Drop a comment below what you would like to see implemented.

@MITREcorp @FIRSTdotOrg @CISAgov Like to be early? So do we! Subscribe to our free newsletter so we can notify you when we detect a high risk CVE.

@MITREcorp @FIRSTdotOrg @CISAgov At Volerion, we publish out data free for humans; paid for computers. In order to keep our advisories free, we developed a nifty API that provides access to our data in a structured manner. Interested?

We're proud to build upon the incredible work of established standards like CVE, CVSS, and CPE—developed by @MITREcorp, @FIRSTdotOrg, @CISAgov (and many others) respectively. These standards are foundational to the security community, and we deeply appreciate the efforts behind.

Live example →