Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-10056 CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Lin... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10052 A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions,... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10039 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49201 The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify,... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49200 The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credential... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49199 Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10058 ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10057 ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49198 Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49197 Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fail... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-9243 The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of th... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-4776 An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query par... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-3655 The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49196 The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands. | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49195 Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49322 Weak authentication in the Wireless Control Module (WCM) of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attac... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-9714 The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [showmodule] short... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-8732 The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.... | CRITICAL | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-6324 A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` fun... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |