Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
🔔 Premium Features
🔍 Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-45629 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment Web... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-45628 Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template lite... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-45625 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine ... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-45626 Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeNam... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-45627 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo en... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-44697 Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Ba... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47139 ## Summary
`NodeVM` supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to `http`, `ht... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-9051 There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacke... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47140 ## Summary
`NodeVM` blocks several dangerous Node.js builtins such as `module`, `worker_threads`, `cluster`, `vm`, `repl`, and `inspector`.
However,... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47210 ### Summary
A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async sup... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47137 ## Summary
The fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in `nodevm.js` line 263 that blocks the combination `nesting: true` + ... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47209 ## Summary
The `BaseHandler.set` trap in `bridge.js` (line 1231) ignores the `receiver` parameter and unconditionally writes to the host target objec... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-40425 The administrator account for the
Danelec MacGregor Voyage Data Recorder
web interface can directly edit sensitive files related to authentication, p... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-42929 Danelec MacGregor Voyage Data Recorder
includes default accounts with hard-coded credentials. | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47135 ## Summary
vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bri... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-44611 Danelec MacGregor Voyage Data Recorder
passwords are stored with a hashing method which limits password length and is susceptible to brute force attac... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47208 ### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute ... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-47131 ### Summary
By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-42951 An authenticated
user can download a backup of the Danelec MacGregor Voyage Data Recorder
device which includes account data and password hashes. | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-42941 The Danelec MacGregor Voyage Data Recorder
device includes a default username and password, with no enforced password change. | HIGH | ????? | ????? | NVD | 6 days ago |