CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

πŸ”” Premium Features
πŸ” Filter Threats
Title
SeverityEPSS (30-Day)
PoCActively ExploitedSourceDate
CVE-2025-41270
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2025-41269
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2025-41268
Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2025-41267
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2025-41266
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2025-41265
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-9189
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authentic...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-6075
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to mis...
HIGHπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Lin...
HIGHπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions,...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-10039
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-49201
The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify,...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-49200
The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credential...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-49199
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-10058
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-10057
ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-49198
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-49197
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fail...
UNKNOWNπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-9243
The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of th...
MEDIUMπŸ”’ LOCKED??????????NVD6 days ago
CVE-2026-4776
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query par...
HIGHπŸ”’ LOCKED??????????NVD6 days ago