Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-9599 The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing o... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-9234 The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-8885 The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode i... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-8422 The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-4081 The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [zemstl] shortcode in all versions up to and including 1.0. This... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-4080 The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_to_cart' shortcode in all versions up to and in... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-4071 The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonc... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-3620 The Word Replacer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'replacement' parameter in all versions up to, a... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-3514 In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health c... | HIGH | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-2425 The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versio... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-2382 The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the 'fpw_fs_get... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-1784 The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on ... | HIGH | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-1451 The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-1450 The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mode' parameter in versions up to, and including, ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2025-5085 The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βblogrole_linkβ parameter in all versions up to, and incl... | MEDIUM | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-34907 Wirtualna Uczelnia is vulnerable to Reflected CrossβSite Scripting (XSS) due to insecure handling of the locale parameter across multiple endpoints.... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-34906 Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-10549 LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group members... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-8293 The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST... | HIGH | π LOCKED | ????? | ????? | NVD | 1 day ago |
| CVE-2026-8206 The Kirki β Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 1 day ago |