Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
🔔 Premium Features
🔍 Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-41842 Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Fram... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41841 Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Frame... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41840 Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41839 A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exc... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41838 IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination wit... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41720 Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41715 In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41710 An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. ... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41007 Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.
Affected versions:
Spring HATE... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41006 Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, perform... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-40984 In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Affected vers... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-40983 In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.
Affected vers... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-11603 The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Par... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-10738 The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in al... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-10553 The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to ... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-10024 The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versio... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-11572 Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-26236 A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthori... | UNKNOWN | ????? | ????? | NVD | 3 days ago |
| CVE-2026-7556 The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and inclu... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-5714 The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to,... | MEDIUM | ????? | ????? | NVD | 3 days ago |