Home Embedded Vulns General Vulns

ESV-Tracker

An AI-powered database that classifies embedded vulnerabilities separately from general-purpose ones.

No Dedicated Database Existed. Until Now.

Embedded system vulnerabilities are critical, yet buried alongside millions of general CVEs. ESV-Tracker changes that.

Your Embedded Threat Center.

Search the database, track embedded CVEs, and explore real-time statistics — all in one place.

1002
New Embedded Vulns (7 Days)
9042
Active Critical ESVs
openclaw
Top Target (30 Days)
6.95
Average ESV CVSS Score

Vulnerability Trends (Last 6 Months)

ESV Severity Distribution (90 Days)

Top Affected ESV Vendors (90 Days)

  • google 131 Vulns
  • apple 112 Vulns
  • microsoft 69 Vulns
  • adobe 68 Vulns
  • openclaw 66 Vulns

Recent Critical ESVs

CVE-2026-7458 CRITICAL 9.8
CVE-2026-4882 CRITICAL 9.8
CVE-2026-37541 CRITICAL 10.0
CVE-2026-37539 CRITICAL 9.8
CVE-2026-37534 CRITICAL 9.8

Recently Added Vulnerabilities

CVE ID Description Severity Published Type
CVE-2020-6629 Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. Medium (6.5) 2020-01-09 Environment Specific
CVE-2020-6628 Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. High (8.8) 2020-01-09 General Purpose
CVE-2020-5205 In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation atta… Medium (6.5) 2020-01-09 General Purpose
CVE-2019-16773 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20042. Reason: This candidate is a duplicate of… Unknown 2020-01-09 General Purpose
CVE-2020-6625 jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c. High (7.1) 2020-01-09 General Purpose