Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
🔔 Premium Features
🔍 Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2025-51678 An issue was discovered in RISC-V PicoRV32 commit 87c89a. A mismatch in the PCPI INSN and memory address can lead to unexpected behavior. | UNKNOWN | ????? | ????? | NVD | 6 hours ago |
| CVE-2025-51677 An issue was discovered in openRISC OR1200 commit 83ac6b. An output mismatch between the RTL and the netlist of the or1200 cpu output port can lead to... | UNKNOWN | ????? | ????? | NVD | 6 hours ago |
| CVE-2026-16074 A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function update_plugin/update_all_plugins of the file astrbot/dashb... | MEDIUM | ????? | ????? | NVD | 6 hours ago |
| CVE-2026-54567 ## 1. Header
| Field | Value |
|---|---|
| **Title** | Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix var... | HIGH | ????? | ????? | NVD | 6 hours ago |
| CVE-2026-15415 AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics... | MEDIUM | ????? | ????? | NVD | 6 hours ago |
| CVE-2026-54561 ### Impact
`context_import` passed the caller-supplied `filePath` directly to `fs.readFileSync` with no path confinement. A malicious MCP client — ... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-9171 IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulner... | HIGH | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-9135 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnera... | CRITICAL | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-9103 IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/au... | CRITICAL | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-58195 Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/ser... | HIGH | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-52746 JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear bac... | HIGH | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-49835 Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request ... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-48045 Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handle_query_or_defer retained every tru... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-47180 Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.5, DNSIncoming._decode_labels_at_offset recurses once per ... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-47183 Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.6, DNSIncoming._log_exception_debug and the four QuietLogg... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-47184 Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache._async_add inserted every response record into... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-45703 Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, the WordExport export flow in bundles/WordExpo... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-45162 Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's uns... | HIGH | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-12283 Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation ... | MEDIUM | ????? | ????? | NVD | 7 hours ago |
| CVE-2026-54546 ### Summary
`PUT /api/basemap` (the basemap import endpoint) fetches an attacker-supplied URL server-side with **no SSRF protection whatsoever**. Any... | MEDIUM | ????? | ????? | NVD | 7 hours ago |