Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-48810 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47123 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout&#... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-46599 The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45697 Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields (wit... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45372 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming r... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45613 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulne... | LOW | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45352 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding ca... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45294 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45324 Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search... | LOW | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45149 The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being ap... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44640 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44422 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer re... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in t... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44420 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in F... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44287 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker t... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-42500 Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47183 ### Impact
`DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an unbounded `_seen_logs` dict keyed by `str(s... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47180 ### Impact
`DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 Β§4.1.4). Pointer cycles and label counts ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47260 ## Summary
Koel validates the podcast feed URL via the `SafeUrl` rule (DNS resolution + public IP check), but the individual episode `<enclosure u... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |