Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-44494 Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`. Summary: The Axios library is vulnerable to a ... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10069 A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation le... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-44492 Summary: shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10099 XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-44490 Summary: axios `1.15.2` exposes two read-side prototype-pollution gadgets. When `Object.prototype` is polluted by an upstream dependency in the sam... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-44489 [Patch Bypass] Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix in Axios 1.15.2. Summary: The `Obje... | LOW | ????? | ????? | NVD | 6 days ago |
| CVE-2026-41237 Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing ... | UNKNOWN | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10068 A flaw has been found in Shibby Tomato 1.28. The affected element is the function send of the file usr/sbin/miniupnpd of the component SUBSCRIBE Call ... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-41235 Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell lis... | UNKNOWN | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10067 A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-base... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-4290 The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint... | CRITICAL | ????? | ????? | NVD | 6 days ago |
| CVE-2026-45609 mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to ... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-39292 Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote att... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-10066 A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the comp... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-33386 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a M... | UNKNOWN | ????? | ????? | NVD | 6 days ago |
| CVE-2026-33384 QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. Th... | UNKNOWN | ????? | ????? | NVD | 6 days ago |
| CVE-2026-35674 OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged comman... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-35673 OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked ta... | MEDIUM | ????? | ????? | NVD | 6 days ago |
| CVE-2026-35630 OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver id... | HIGH | ????? | ????? | NVD | 6 days ago |
| CVE-2026-34507 OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allowFr... | MEDIUM | ????? | ????? | NVD | 6 days ago |