Synchronization Manager

Orchestrate incremental ingests of NVD data. Define your paging windows, retry thresholds, and throttling limits.

Ingestion Strategy Configurations

Days in each request window (1-10).

Number of chunk intervals to fetch back (1-30).

NVD date range parameter to filter query.

Maximum items returned per API request.

Number of retries per chunk if NIST fails.

Wait time before triggering the next retry.

Last successful sync: 7/11/2026, 5:09:30 PM

Ingestion History Logs

Jul 11, 06:24 PM Failed

Interval sync failed at chunk 1. Cannot read properties of undefined (reading 'recordsFetched')

Weeks: 43Records Ingested: 2666
Jul 11, 06:15 PM Failed

Interval sync failed at chunk 1. Cannot read properties of undefined (reading 'recordsFetched')

Weeks: 43Records Ingested: 900
Jul 11, 06:12 PM Failed

Interval sync failed at chunk 1. Failed query: insert into "cves" ("id", "description", "published_at", "last_modified_at", "score", "severity", "vendors", "products", "affected_versions", "links", "solution") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) on conflict ("cves"."id") do update set "description" = ?, "last_modified_at" = ?, "score" = ?, "severity" = ?, "vendors" = ?, "products" = ?, "affected_versions" = ?, "links" = ?, "solution" = coalesce(nullif(cves.solution, ''), ?) params: CVE-2026-6101,The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.,2026-07-07T14:16:34.543,2026-07-07T15:16:49.807,7.5,HIGH,[],[],[],["https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/changeset/3512870/","https://www.wordfence.com/threat-intel/vulnerabilities/id/b594d0e9-d805-48b9-bfd4-4cc77dd3a70e?source=cve"],Update the affected packages to a secure version. Refer to vendor security advisories.,The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.,2026-07-07T15:16:49.807,7.5,HIGH,[],[],[],["https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.12/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/accelerated-moblie-pages.php#L1616","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/admin-config.php#L1700","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/core/panel.php#L175","https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/includes/options/redux-core/framework.php#L2832","https://plugins.trac.wordpress.org/changeset/3512870/","https://www.wordfence.com/threat-intel/vulnerabilities/id/b594d0e9-d805-48b9-bfd4-4cc77dd3a70e?source=cve"],Update the affected packages to a secure version. Refer to vendor security advisories.

Weeks: 43Records Ingested: 0
Jul 11, 05:09 PM Success

Completed NVD sync (5 chunks of 1 days using published dates). Total records: 1341.

Weeks: 1Records Ingested: 1341
Jul 11, 05:05 PM Failed

Interval sync failed at chunk 1. NetworkError when attempting to fetch resource.

Weeks: 1Records Ingested: 792
Jul 11, 05:01 PM Failed

Interval sync failed at chunk 1. Failed query: insert into "cves" ("id", "description", "published_at", "last_modified_at", "score", "severity", "vendors", "products", "affected_versions", "links", "solution") values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) on conflict ("cves"."id") do update set "description" = ?, "last_modified_at" = ?, "score" = ?, "severity" = ?, "vendors" = ?, "products" = ?, "affected_versions" = ?, "links" = ?, "solution" = coalesce(nullif(cves.solution, ''), ?) params: CVE-2026-42147,Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.,2026-07-07T04:17:51.760,2026-07-07T15:16:46.573,4.9,MEDIUM,[],[],[],["https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32","https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"],Update the affected packages to a secure version. Refer to vendor security advisories.,Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection() sends a server-side request to the configured endpoint, allowing an authenticated user with storage management permissions to make Coolify request internal or metadata-service URLs. This issue is fixed in version 4.0.0-beta.474.,2026-07-07T15:16:46.573,4.9,MEDIUM,[],[],[],["https://github.com/coollabsio/coolify/commit/297e9c41e19958f6237919794c28c3fb1d4cda32","https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.474","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3","https://github.com/coollabsio/coolify/security/advisories/GHSA-pwm4-w33c-wjf3"],Update the affected packages to a secure version. Refer to vendor security advisories.

Weeks: 43Records Ingested: 0