Skip to main content

Terms of Use

1. Acceptance

By accessing or using vuln.today ("the Platform"), you agree to be bound by these Terms of Use. If you do not agree, you must not use the Platform. These terms apply to all users, including registered subscribers and anonymous visitors.

2. About vuln.today

vuln.today is a defensive security intelligence platform that aggregates publicly available vulnerability data to help security professionals, system administrators, SOC analysts, and CISOs understand their threat surface. The Platform provides:

  • CVE data sourced from NVD (NIST), CVE.org, FIRST.org EPSS, and CISA KEV
  • CVSS severity scores, EPSS exploitability metrics, and calculated priority scores
  • Links to public proof-of-concept (PoC) repositories and exploit references on third-party sites
  • AI-generated vulnerability summaries, severity assessments, and ATT&CK technique mappings
  • AI-generated "Hacker's Perspective" analysis describing how a vulnerability class works conceptually
  • AI-generated Shodan OSINT query suggestions for defensive asset inventory and reconnaissance
  • Combat Summaries and remediation guidance for security teams

The service is designed as a supplementary tool for security teams, not a replacement for official vulnerability databases, vendor advisories, or professional security assessments.

3. Permitted Use — Defensive Research Only

All features of vuln.today are provided exclusively for educational, research, defensive security, and lawful penetration testing purposes on systems you own or have explicit written authorization to test.

You expressly agree that you will not use vuln.today to:

  • Attack, compromise, or probe systems, networks, or services you do not own or lack written authorization to test
  • Develop, distribute, or deploy malware, ransomware, or weaponized exploit tools
  • Conduct unauthorized scanning, enumeration, or intrusion of third-party infrastructure
  • Use Shodan query suggestions to identify and target vulnerable systems for unauthorized access
  • Use AI-generated "Hacker's Perspective" content to conduct actual attacks
  • Use PoC links to download, modify, or deploy exploit code against production systems without authorization
  • Facilitate, assist, or enable any of the above by third parties
  • Violate any applicable local, national, or international law, including the Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, EU Directive 2013/40/EU, or equivalent legislation in your jurisdiction

The operator of vuln.today bears no responsibility for any actions taken by users based on the information provided by this service. Users are solely responsible for ensuring that their use of vulnerability information complies with all applicable laws and regulations in their jurisdiction.

4. Data Accuracy & Disclaimer

The information presented on vuln.today is collected and processed automatically from publicly available sources, including but not limited to the National Vulnerability Database (NVD), CVE.org, Exploit-DB, and other public security advisories.

Parts of the content, including vulnerability summaries, severity assessments, vendor/product associations, tag classifications, ATT&CK technique mappings, and priority scores, are generated or enriched using artificial intelligence (large language models). AI-generated content may contain errors, inaccuracies, or incorrect associations.

Specifically, but not limited to:

  • Vendor and product tags may be incorrectly assigned
  • Severity ratings and priority scores are calculated estimates, not authoritative assessments
  • EPSS, CVSS, and other scores are sourced from third parties and may be outdated or inaccurate
  • Patch availability information may not reflect the current state
  • Relationships between CVEs, CWEs, and ATT&CK techniques are approximate mappings
  • Vulnerability summaries may misrepresent the original advisory

vuln.today must not be treated as the sole source of truth. Every piece of information should be independently verified against official vendor advisories and authoritative vulnerability databases before making security decisions.

5. AI-Generated Content

The "Hacker's Perspective" feature, Combat Summaries, AI Sentinel responses, and other AI-enriched content describe vulnerability mechanics at a conceptual level only. The AI is explicitly configured to refuse operational exploitation instructions, working payloads, or step-by-step attack commands targeting real systems.

AI-generated content is for informational purposes and may contain inaccuracies. You must independently verify any AI output before relying on it for security decisions.

vuln.today expressly disclaims any liability arising from misuse of AI-generated content to conduct unauthorized activities.

6. Shodan OSINT Queries

Shodan query suggestions provided by vuln.today are AI-generated for the purpose of defensive asset discovery and inventory on systems you own or are authorized to assess. These queries are informational only and are subject to Shodan's own Terms of Service.

vuln.today is not affiliated with Shodan and does not guarantee the accuracy, completeness, or legality of running any generated query in your specific jurisdiction. You are solely responsible for ensuring your use of Shodan complies with applicable laws and Shodan's terms.

7. Exploit Links & PoC References

vuln.today links to publicly available proof-of-concept repositories and exploit references hosted on third-party platforms such as GitHub and Exploit-DB. These links are provided solely as informational references to help defenders understand publicly known attack techniques.

vuln.today does not host, create, modify, or endorse any exploit code. Accessing linked repositories is at your own risk and subject to the terms of the respective hosting platform.

The existence of a PoC link on vuln.today does not constitute permission, encouragement, or authorization to use that code against any system. You are solely responsible for ensuring your use of any referenced code complies with applicable law.

8. No Warranty

The service is provided "as is" and "as available", without any warranties of any kind, whether express or implied, including but not limited to warranties of accuracy, completeness, reliability, fitness for a particular purpose, or non-infringement.

Users acknowledge that vulnerability management decisions should always be based on multiple sources and professional judgment, and that vuln.today is only one of many tools that can assist in this process.

9. Limitation of Liability

To the fullest extent permitted by applicable law, vuln.today and its operators shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages — including loss of data, loss of revenue, or damage to systems — arising from:

  • Your use of or inability to use the Platform
  • Your reliance on any vulnerability data, AI output, Shodan query, PoC link, or Hacker's Perspective content
  • Incorrect data, missing information, delayed updates, or service downtime
  • Unauthorized access to or alteration of your data
  • Any conduct or content of any third party referenced on the Platform
  • Any decisions made based on the content presented on this website

This limitation applies even if vuln.today has been advised of the possibility of such damages.

10. Data Sources & No Affiliation

vuln.today aggregates and interprets publicly available vulnerability data. We do not claim ownership of the underlying data. All CVE identifiers are managed by the CVE Program. NVD data is provided by NIST. EPSS data is published by FIRST.org. All trademarks, product names, and company names mentioned on this site belong to their respective owners.

vuln.today is an independent platform and is not affiliated with, endorsed by, or operated by NIST, MITRE, CISA, FIRST.org, Shodan, GitHub, Exploit-DB, or any other government body, standards organization, or third-party service referenced on the Platform.

The interpretation, enrichment, scoring, and presentation of this data is the work of vuln.today and does not represent the views or assessments of the original data providers.

11. Intellectual Property

vuln.today platform code, design, and original written content are the intellectual property of vuln.today. CVE identifiers and CVSS scores are published by NIST and FIRST.org under open-data terms. EPSS data is published by FIRST.org. All third-party data remains the property of its respective owners.

You may not reproduce, redistribute, or create derivative works of vuln.today's original content without written permission.

12. Subscriptions & Billing

Paid subscriptions are processed by Polar.sh. By subscribing, you also agree to Polar.sh's terms of service. Subscription fees are charged on a recurring monthly basis. You may cancel at any time; cancellation takes effect at the end of the current billing period.

vuln.today does not offer refunds except where required by applicable consumer protection law.

13. API Usage

The vuln.today public API is provided for personal and non-commercial research use. Automated bulk scraping, excessive requests that degrade service for other users, or commercial resale of API data without prior written consent are prohibited.

We reserve the right to rate-limit, suspend, or block abusive clients without notice.

14. Termination

We reserve the right to suspend or terminate your account at any time for violation of these Terms, suspected misuse, fraudulent activity, or for any other reason at our sole discretion. Upon termination, your right to use the Platform ceases immediately.

15. Indemnification

You agree to indemnify, defend, and hold harmless vuln.today, its operators, employees, and affiliates from any claims, liabilities, damages, fines, or expenses (including reasonable legal fees) arising out of your use of the Platform, your violation of these Terms, or your violation of any applicable law.

16. Governing Law

These Terms are governed by and construed in accordance with applicable law. Any dispute arising from these Terms or your use of the Platform shall be resolved through good-faith negotiation before pursuing formal legal proceedings.

17. Changes to These Terms

We reserve the right to modify these Terms at any time. The updated date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance. Material changes will be communicated via email or a Platform notice where reasonably practicable.

Last updated: April 12, 2026

18. Contact

Questions about these Terms? Email us at support.vulnbase@gmail.com.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy