Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-45631 Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-aut... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45630 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTrae... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45660 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45629 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment Web... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45628 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template lite... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45625 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45626 Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeNam... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45627 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo en... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44697 Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Ba... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47139 ## Summary
`NodeVM` supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to `http`, `ht... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-9051 There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacke... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47140 ## Summary
`NodeVM` blocks several dangerous Node.js builtins such as `module`, `worker_threads`, `cluster`, `vm`, `repl`, and `inspector`.
However,... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47210 ### Summary
A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async sup... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47137 ## Summary
The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in `nodevm.js` line 263 that blocks the combination `nesting: true` + ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47209 ## Summary
The `BaseHandler.set` trap in `bridge.js` (line 1231) ignores the `receiver` parameter and unconditionally writes to the host target objec... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-40425 The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, p... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-42929 Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials. | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47135 ## Summary
vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bri... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44611 Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attac... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47208 ### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |