Synchronization Manager
Orchestrate incremental ingests of NVD data. Define your paging windows, retry thresholds, and throttling limits.
Ingestion Strategy Configurations
Days in each request window (1-10).
Number of chunk intervals to fetch back (1-30).
NVD date range parameter to filter query.
Maximum items returned per API request.
Number of retries per chunk if NIST fails.
Wait time before triggering the next retry.
Ingestion History Logs
Interval sync failed at chunk 1. Cannot read properties of undefined (reading 'recordsFetched')
Interval sync failed at chunk 1. Cannot read properties of undefined (reading 'recordsFetched')
Interval sync failed at chunk 1. Failed query: insert into "cves" ("id", "description", "published_at", "last_modified_at", "score", "severity", "vendors", "products", "affected_versions", "links", "solution") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) on conflict ("cves"."id") do update set "description" = ?, "last_modified_at" = ?, "score" = ?, "severity" = ?, "vendors" = ?, "products" = ?, "affected_versions" = ?, "links" = ?, "solution" = coalesce(nullif(cves.solution, ''), ?) params: CVE-2026-6101,The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.,2026-07-07T14:16:34.543,2026-07-07T15:16:49.807,7.5,HIGH,[],[],[],["https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/changeset/3512870/","https://www.wordfence.com/threat-intel/vulnerabilities/id/b594d0e9-d805-48b9-bfd4-4cc77dd3a70e?source=cve"],Update the affected packages to a secure version. Refer to vendor security advisories.,The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.,2026-07-07T15:16:49.807,7.5,HIGH,[],[],[],["https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/changeset/3512870/","https://www.wordfence.com/threat-intel/vulnerabilities/id/b594d0e9-d805-48b9-bfd4-4cc77dd3a70e?source=cve"],Update the affected packages to a secure version. Refer to vendor security advisories.
Completed NVD sync (5 chunks of 1 days using published dates). Total records: 1341.
Interval sync failed at chunk 1. NetworkError when attempting to fetch resource.
Interval sync failed at chunk 1. Failed query: insert into "cves" ("id", "description", "published_at", "last_modified_at", "score", "severity", "vendors", "products", "affected_versions", "links", "solution") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) on conflict ("cves"."id") do update set "description" = ?, "last_modified_at" = ?, "score" = ?, "severity" = ?, "vendors" = ?, "products" = ?, "affected_versions" = ?, "links" = ?, "solution" = coalesce(nullif(cves.solution, ''), ?) params: CVE-2026-42147,Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.,2026-07-07T04:17:51.760,2026-07-07T15:16:46.573,4.9,MEDIUM,[],[],[],["https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32","https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"],Update the affected packages to a secure version. Refer to vendor security advisories.,Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.,2026-07-07T15:16:46.573,4.9,MEDIUM,[],[],[],["https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32","https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"],Update the affected packages to a secure version. Refer to vendor security advisories.