Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-41235 ### Summary
Froxlor 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. H... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10067 A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-base... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-4290 The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-45609 mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to ... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-39292 Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote att... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10066 A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the comp... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-33386 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based pluginβfetching mechanism. A malicious attacker can perform a M... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-33384 QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. Th... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35674 OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged comman... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35673 OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked ta... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35630 OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver id... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-34507 OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFr... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-32906 OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-32905 OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat sender... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10065 A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a ma... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25404 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25403 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25402 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25401 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25400 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |