Skip to main content

Vulnerability Intelligence (OEM)

OEM Vulnerability Intelligence APIs provide premium access to comprehensive vulnerability databases with advanced features including caching, enhanced result limits, and detailed audit logging.

Authentication: Enterprise API key required with OEM module enabled.

Rate Limiting: No rate limits for OEM customers.

Caching: 24-hour TTL caching for improved performance.

Result Limits: Up to 50 results per query (5x standard limit).

Search for vulnerabilities by CVE identifier, description, or vendor/product information from the NVD Database with OEM-level access.

HTTP Request

POST https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search

Request Body

ParameterTypeRequiredDescription
queryStringYesThe search query (CVE identifier, description, or vendor/product). Must be 3-50 characters long.
query_tagsObjectNoCustom tags for query tracking and organization

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "CVE-2014-0160",
    "query_tags": {
      "project": "security-assessment",
      "team": "red-team"
    }
  }'

Example Response

{
  "response": [
    {
      "source": "nvd",
      "cve_id": "CVE-2014-0160",
      "title": "CVE-2014-0160",
      "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
      "source_identifier": "secalert@redhat.com",
      "published_date": "2014-04-07T22:55:03.893",
      "last_modified_date": "2025-09-09T13:33:47.875Z",
      "vuln_status": "Deferred",
      "cvss_v3_score": 7.5,
      "cvss_v3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "cvss_v2_score": 5,
      "cvss_v2_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "cwes": ["CWE-125"],
      "cpe_ids": ["cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"],
      "epss_percentile": 0.99985,
      "epss_score": 0.94436,
      "is_exploit_available": true,
      "is_kev": true,
      "cisa_exploit_add": "2022-05-04",
      "cisa_action_due": "2022-05-25",
      "cisa_required_action": "Apply updates per vendor instructions.",
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0160",
          "source": "secalert@redhat.com",
          "tags": ["Third Party Advisory"]
        }
      ]
    }
  ]
}

Search for exploits, proof-of-concepts, and exploit code from the FullHunt database with OEM-level access.

HTTP Request

POST https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search

Request Body

ParameterTypeRequiredDescription
queryStringYesThe search query (CVE identifier, exploit title, description, type, or platform). Must be 3-100 characters long.
query_tagsObjectNoCustom tags for query tracking and organization

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "CVE-2023-23397",
    "query_tags": {
      "project": "threat-hunting",
      "priority": "high"
    }
  }'

Example Response

{
  "response": [
    {
      "source": "exploitdb",
      "edb_id": "33943",
      "cve_id": null,
      "title": "Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure",
      "file_path": "exploits/aix/dos/33943.txt",
      "author": "BGA Security",
      "type": "dos",
      "platform": "aix",
      "port": "8080",
      "date_published": "2014-07-01",
      "date_added": "2014-07-01",
      "date_updated": "2014-07-01",
      "verified": false,
      "codes": ["OSVDB-108610", "OSVDB-108609"],
      "tags": [],
      "aliases": "",
      "screenshot_url": "",
      "application_url": "",
      "source_url": "",
      "epss_percentile": 0,
      "epss_score": 0,
      "is_kev": false
    }
  ]
}

OEM Features

Advanced Audit Logging

All OEM API requests include comprehensive logging:

  • Account and user identification
  • Request parameters and query tags
  • Timestamp and IP address tracking
  • Custom query tagging for organization

Higher Result Limits

  • Standard APIs: 10 results per query
  • OEM APIs: 50 results per query
  • Deep Search: More comprehensive result sets

Query Tagging

Custom tags for request organization and tracking:

{
  "query_tags": {
    "project": "red-team-exercise",
    "team": "security",
    "priority": "high",
    "environment": "production"
  }
}

Response Fields

Enhanced Vulnerability Data

OEM responses include additional fields not available in standard APIs:

  • exploitability_score: CVSS exploitability subscore
  • impact_score: CVSS impact subscore
  • attack_vector: Detailed attack vector information
  • attack_complexity: Attack complexity assessment
  • privileges_required: Required privilege level
  • user_interaction: User interaction requirements

Enhanced Exploit Data

OEM responses include additional exploit intelligence from multiple sources:

ExploitDB Source Fields:

  • edb_id: Exploit Database identifier
  • file_path: Path to exploit code file
  • verified: Verification status
  • codes: Reference codes (OSVDB, etc.)

Metasploit Source Fields:

  • module_path: Metasploit module path
  • full_name: Full module name
  • rank: Module reliability rank (300-700)
  • disclosure_date: Vulnerability disclosure date
  • mod_time: Module last modification time
  • rport: Remote target port
  • arch: Target architecture
  • references: Array of reference codes and URLs
  • notes: Module stability, side effects, and reliability info

CISA KEV Source Fields:

  • vendor: Affected vendor name
  • product: Affected product name
  • date_added: Date added to KEV catalog
  • due_date: Federal remediation deadline
  • ransomware_use: Ransomware exploitation status
  • recommendation: CISA remediation guidance
  • notes: Additional CISA reference links

Error Responses

Status CodeErrorDescription
400Missing required parameter: queryThe query parameter is required
400Query must be at least 3 characters longSearch query is too short
400Query must be less than X characters longSearch query exceeds maximum length
401Unauthorized accessInvalid or missing API key
403Access forbiddenAPI key doesn't have enterprise access
403OEM API is not enabled for your accountOEM module not enabled
403OEM API credits exhaustedNo remaining API credits

OEM Use Cases

Enterprise Threat Intelligence

  • Large-scale vulnerability monitoring
  • Automated threat intelligence feeds
  • Custom vulnerability dashboards
  • Integration with SIEM systems

Security Operations Centers (SOC)

  • Real-time vulnerability alerting
  • Threat hunting operations
  • Incident response support
  • Vulnerability lifecycle tracking

Managed Security Service Providers (MSSP)

  • Multi-tenant vulnerability management
  • Customer-specific vulnerability reports
  • Bulk vulnerability assessments
  • White-label security solutions

Security Tool Integration

  • Vulnerability scanner enhancement
  • Security platform data enrichment
  • Custom vulnerability databases
  • Automated patch management systems

Implementation Examples

Python Example

import requests
import json

def search_vulnerabilities(api_key, query, project_tag=None):
    url = "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/vulnerability-search"
    
    headers = {
        "X-API-KEY": api_key,
        "Content-Type": "application/json"
    }
    
    payload = {
        "query": query,
        "no_cache": False
    }
    
    if project_tag:
        payload["query_tags"] = {"project": project_tag}
    
    response = requests.post(url, headers=headers, json=payload)
    
    if response.status_code == 200:
        return response.json()["response"]
    else:
        print(f"Error: {response.status_code} - {response.text}")
        return None

# Usage
vulnerabilities = search_vulnerabilities(
    api_key="your-api-key",
    query="CVE-2023-23397",
    project_tag="security-assessment"
)

Node.js Example

const axios = require('axios');

async function searchExploits(apiKey, query, queryTags = {}) {
    const url = 'https://fullhunt.io/api/v1/oem/vulnerability-intelligence/exploits-search';
    
    const payload = {
        query: query,
        query_tags: queryTags
    };
    
    try {
        const response = await axios.post(url, payload, {
            headers: {
                'X-API-KEY': apiKey,
                'Content-Type': 'application/json'
            }
        });
        
        return response.data.response;
    } catch (error) {
        console.error('Error:', error.response.status, error.response.data);
        return null;
    }
}

// Usage
searchExploits('your-api-key', 'CVE-2023-23397', {
    team: 'red-team',
    priority: 'high'
}).then(exploits => {
    console.log('Found exploits:', exploits.length);
});

Vulnerability Intelligence Feed

Get the latest vulnerabilities and exploits from the FullHunt intelligence database for the past up to 7 days. This endpoint returns a combined feed of recent vulnerability and exploit data with OEM-level access.

HTTP Request

POST https://fullhunt.io/api/v1/oem/vulnerability-intelligence/feed

Request Body

ParameterTypeRequiredDefaultDescription
daysIntegerNo1Number of days to look back (1-7). Returns items published within this time window.
pageIntegerNo1Page number for pagination
per_pageIntegerNo20Number of results per page (1-100)
typeStringNoallFilter results by type: vulnerabilities, exploits, or all
keywordsStringNo-Comma-separated search terms. Use a bare CVE ID (e.g. CVE-2024-1234) for a fast exact match; otherwise uses full-text search across title, description, vendor, and platform fields. Max 20 keywords.
severityStringNo-Filter by CVSS severity: critical (9.0–10), high (7.0–9.0), medium (4.0–7.0), low (0.01–4.0)
kevBooleanNofalseIf true, return only vulnerabilities/exploits listed in the CISA Known Exploited Vulnerabilities catalog
exploit_availableBooleanNofalseIf true, return only vulnerabilities that have a known exploit available
query_tagsObjectNo-Custom tags for request tracking and organization

Example Request

curl -X POST "https://fullhunt.io/api/v1/oem/vulnerability-intelligence/feed" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "days": 3,
    "type": "all",
    "keywords": "openssl,heartbleed",
    "severity": "critical",
    "kev": true,
    "per_page": 10,
    "query_tags": {"project": "threat-monitoring"}
  }'

Example Response

{
  "status": 200,
  "message": "ok",
  "metadata": {
    "total_results": 142,
    "total_vulnerabilities": 98,
    "total_exploits": 44,
    "page": 1,
    "per_page": 10,
    "days": 3,
    "type": "all",
    "keywords": ["openssl", "heartbleed"]
  },
  "vulnerabilities": [
    {
      "name": "CVE-2024-xxxx",
      "id": "CVE-2024-xxxx",
      "cve": "CVE-2024-xxxx",
      "description": "Vulnerability description...",
      "date": "2026-04-20",
      "published": "2026-04-20T00:00:00Z",
      "source": "vulnerability"
    }
  ],
  "exploits": [
    {
      "cve_id": "CVE-2024-xxxx",
      "title": "Exploit Title",
      "author": "Author Name",
      "type": "remote",
      "platform": "linux",
      "full_name": "exploit/linux/remote/xxxxx",
      "vendor": "VendorName",
      "product": "ProductName",
      "date": "2026-04-21",
      "source": "exploit"
    }
  ]
}

Access Requirements: OEM module must be enabled. Also accessible to Professional, Enterprise, Builder, Scale, and Consultant paid plans.

Credits: Each request deducts 1 credit from your account balance.

Keyword Search Behavior

Keywords are matched case-insensitively across multiple fields:

Vulnerability fields searched:

  • name - Vulnerability name
  • id - Vulnerability identifier
  • cve - CVE identifier
  • description - Full vulnerability description

Exploit fields searched:

  • cve_id - Related CVE identifier
  • title - Exploit title
  • author - Exploit author/researcher
  • type - Exploit type (remote, local, dos, etc.)
  • platform - Target platform (linux, windows, etc.)
  • full_name - Full module/exploit name
  • vendor - Affected vendor
  • product - Affected product

Feed Use Cases

  • Threat Monitoring: Stay updated on newly disclosed vulnerabilities and exploits
  • Daily Threat Briefing: Automate daily intelligence reports from the past 24-72 hours
  • Emerging Exploit Tracking: Monitor for new exploit code targeting your technology stack
  • Vulnerability Triage: Quickly identify which recent vulnerabilities have available exploits
  • Security Dashboard Feeds: Power real-time security dashboards with the latest threat data

Best Practices

Query Optimization

  • Use specific CVE identifiers for fastest results
  • Use query tags for better organization and tracking

Error Handling

  • Implement proper retry logic for network errors
  • Handle rate limiting gracefully (though not applicable to OEM)
  • Log API responses for audit trails

Security Considerations

  • Store API keys securely (environment variables, key management systems)
  • Use HTTPS for all API communications
  • Implement proper access controls for API usage

Performance Tips

  • Batch similar queries when possible
  • Monitor API response times and adjust accordingly