Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-11636 Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11635 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to pote... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11634 Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a ... | CRITICAL | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11633 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious periph... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11632 Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures t... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11631 Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to poten... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11630 Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted H... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11629 Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-11628 Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access t... | MEDIUM | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47737 ### Impact
Puma is vulnerable to source IP spoofing when `set_remote_address proxy_protocol: :v1` is enabled and persistent connections are used.
PR... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47736 ### Impact
[PROXY protocol support for Puma](https://github.com/puma/puma/issues/2651) was added in version 5.5.0.
When PROXY protocol v1 support is... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47725 Every `/ui/*` POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. `SameSite=Lax` on the session cookie pr... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47724 The `/api/v1/*` route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at `internal/api/host... | CRITICAL | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47723 None of the response paths in `internal/web/` or `internal/api/` set the standard browser-security headers. `grep` for `Content-Security-Policy`, `X-F... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47722 `internal/configgen/generator.go:86,108,119` interpolates the operator-supplied `ListenHost` and `TunDevice` fields raw into a `text/template` that pr... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47721 ## Summary
An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be res... | MEDIUM | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47720 ## Summary
The TDengine DAQ storage connector's `escapeTdString` at `server/runtime/storage/tdengine/index.js:10` doubles single quotes but does... | MEDIUM | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47719 ## Summary
An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a `device-webapi-request` event whose `property.a... | HIGH | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47693 Description:
### Summary
Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data ... | MEDIUM | ????? | ????? | NVD | 4 days ago |
| CVE-2026-47252 # AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
| Field | Value |
| ---------------- | ----- |
| Repository ... | CRITICAL | ????? | ????? | NVD | 4 days ago |