Critical Alert: 1 Active Exploit Detected Today

CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability

CVE Watchtower

| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-49742: Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media M... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-49741: Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via Data... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-49740: TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or cla... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-49738: The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boun... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47352: Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to fi... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47351: Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to g... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47350: Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions ... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47349: Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. ... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47348: Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sani... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47347: Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it ha... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47346: Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form F... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-47343: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of a... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-11607: Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without deny... | UNKNOWN | ? | ? | NVD | 2 days ago |
| CVE-2026-52902: A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attack... | MEDIUM | ? | ? | NVD | 2 days ago |
| CVE-2026-4058: The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unau... | MEDIUM | ? | ? | NVD | 2 days ago |
| CVE-2025-10263: Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Co... | CRITICAL | ? | ? | NVD | 2 days ago |
| CVE-2026-41031: A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker ... | HIGH | ? | ? | NVD | 2 days ago |
| CVE-2026-8677: The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Wi... | MEDIUM | ? | ? | NVD | 3 days ago |
| CVE-2026-8599: The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scr... | MEDIUM | ? | ? | NVD | 3 days ago |
| CVE-2026-8365: The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field... | HIGH | ? | ? | NVD | 3 days ago |