Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-33386 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based pluginβfetching mechanism. A malicious attacker can perform a M... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-33384 QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. Th... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35674 OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged comman... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35673 OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked ta... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-35630 OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver id... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-34507 OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFr... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-32906 OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-32905 OpenClaw before 2026.5.4 contains an authorization bypass vulnerability in the bundled device-pair plugin that allows non-owner authorized chat sender... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-10065 A weakness has been identified in Shibby Tomato 1.28. This vulnerability affects the function get_ups_field of the file tomatodata.cgi. Executing a ma... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25404 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25403 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25402 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25401 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25400 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25399 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25398 The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injectin... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25397 PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicio... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25396 Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credenti... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25395 Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicio... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2018-25394 Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicio... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |