Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-44287 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks ... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker t... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-42500 Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47183 Impact: `DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an unbounded `_seen_logs` dict keyed by `str(s... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47180 Impact: `DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts ... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47260 Summary: Koel validates the podcast feed URL via the `SafeUrl` rule (DNS resolution + public IP check), but the individual episode `<enclosure u... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-48557 Spatie Laravel Media Library before version 11.23.0 contains a file upload restriction bypass in FileAdder::defaultSanitizer(). The sanitizer checks o... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47122 Summary: AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details: `Autoup... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47121 Summary: Binary delta apply intermediate-symlink traversal in malicious .delta. `Autoupdate/SUBinaryDeltaApply.m` enforces `relativePath.pathCompon... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45700 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write... | UNKNOWN | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-46705 Summary: The `russh` server authentication path keeps internal userauth state across `SSH_MSG_USERAUTH_REQUEST` messages without separating that st... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-46702 Summary: When SSH compression is enabled, `russh` accepted compressed packets whose on-wire size passed the normal transport packet-length checks ... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45151 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer... | UNKNOWN | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47255 The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated a... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-46527 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_prox... | UNKNOWN | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47248 Impact: Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through `Did you mean ...?` suggestions embedded... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-49386 In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-49385 In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-49384 In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-49383 In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible | LOW | LOCKED | ????? | ????? | NVD | 5 days ago |