Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-9194 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-48501 GitHub CLI (gh) is GitHubβs official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45663 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file uplo... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45662 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy (packages/server/src/serv... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44962 Plesk contains an XPath injection vulnerability in the APS Application Catalog search functionality, where user-supplied input is interpolated into XP... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-39276 The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP cod... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-39229 Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-36324 SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user r... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10101 ACM/MCE assisted-service writes raw referenced pull-secret contents into `InfraEnv.status.conditions[].message` when pull-secret validation fails. A n... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10070 A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Pas... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44495 ## Summary
Axios versions before the fixed releases contain prototype-pollution gadgets in request config processing. If another vulnerability in the... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44494 # Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
## Summary
The Axios library is vulnerable to a ... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10069 A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation le... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44492 ### Summary
shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10099 XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44490 ## Summary
axios `1.15.2` exposes two read-side prototype-pollution gadgets. When `Object.prototype` is polluted by an upstream dependency in the sam... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-44489 # [Patch Bypass] Proxy-Authorization Header Injection via Prototype Pollution β Incomplete Null-Prototype Fix in Axios 1.15.2
## Summary
The `Obje... | LOW | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-41237 ### Summary
The LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0` has no upper bound on ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10068 A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call ... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-41236 ### Summary
Froxlor 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioni... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |