Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2025-41270 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-41269 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-41268 Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-41267 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-41266 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2025-41265 Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the ... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-9189 The Contact Form 7 β PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authentic... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-6075 The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to mis... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10056 CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Lin... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10052 A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions,... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10039 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49201 The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify,... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49200 The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credential... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49199 Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10058 ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10057 ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inje... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49198 Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-49197 Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fail... | UNKNOWN | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-9243 The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of th... | MEDIUM | π LOCKED | ????? | ????? | NVD | 6 days ago |
| CVE-2026-4776 An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query par... | HIGH | π LOCKED | ????? | ????? | NVD | 6 days ago |