# VulnSea > Newly released CVE and 0day intelligence across every platform. Each entry is a structured markdown document with YAML frontmatter (id, severity, CVSS, affected/patched versions, references) followed by full technical detail. Conventions for agents: - Each CVE has raw markdown at https://beta.vulnsea.com/cve/.md - Structured JSON at https://beta.vulnsea.com/api/cve/ - Query the feed at https://beta.vulnsea.com/api/cve?q=&severity=&vendor=&exploited=&depth=&limit= - Compact triage digest at https://beta.vulnsea.com/api/digest (format=json|text|ndjson) - Typo-tolerant search at https://beta.vulnsea.com/api/search?q= - Related CVEs at https://beta.vulnsea.com/api/cve//related — shared product/vendor/CWE/advisory, scored - Dependency triage: POST https://beta.vulnsea.com/api/sbom { components:[ "pkg:npm/lodash@4.17.20", … ] } — affected CVEs per component, ranked by depth (anon = public window; key = full corpus) - OSV-compatible: POST https://beta.vulnsea.com/api/osv/v1/query and /api/osv/v1/querybatch speak the osv.dev schema — existing OSV clients work unchanged; VulnSea signal under database_specific - Resolve any identifier (GHSA-… or alias) to its canonical record: https://beta.vulnsea.com/api/resolve?id= - Change feed at https://beta.vulnsea.com/api/changes?after= — per-CVE field-change events (kev added, severity bumped, epss moved) with an exact cursor; the re-triage trigger - EPSS movers at https://beta.vulnsea.com/api/movers — biggest exploit-probability climbers over a window - RSS feed at https://beta.vulnsea.com/feed.xml - OpenAPI 3.1 spec at https://beta.vulnsea.com/openapi.json - MCP server (JSON-RPC over Streamable HTTP) at https://beta.vulnsea.com/api/mcp — tools: list_cves, search_cve, get_cve, batch_get_cve, triage_sbom, related_cve, changes_since, resolve_id, get_epss_movers, get_stats Incremental polling (for agents watching for new additions): - https://beta.vulnsea.com/api/cve?since=&order=asc — records ingested after a timestamp - Page with the `next` cursor in each response until it is null. - Track the max `ingestedAt` you have seen; pass it as `since` next poll. - Send `If-None-Match: ` to get 304 Not Modified when nothing changed. - `ingestedAt` = when VulnSea added the record (use this, not `published`, for deltas). - Cheap check before fetching: HEAD https://beta.vulnsea.com/api/cve (or ?probe=1) returns only the corpus size + newest ingest timestamp (x-total-count / x-max-ingested-at). Cost controls (fewer tokens / round-trips): - `&fields=id,severity,depth,cvss` — sparse fieldset; returns only the named fields. - https://beta.vulnsea.com/api/cve?ids=CVE-2021-44228,CVE-2014-0160 — batch fetch a known set (max 200) in one request. - `/api/digest?format=ndjson` — one compact line per CVE for cheap scanning. Field semantics: - `severity` is one of: critical, high, medium, low. - `exploited: true` means known exploited in the wild. - `kev: true` means listed in the CISA Known Exploited Vulnerabilities catalog. - `epss` is the FIRST.org exploit-prediction probability (0..1, 30-day window). - `depth` is a composite triage zone = severity + exploitation signal, one of (shallow→deep) sunlit, twilight, midnight, abyssal, hadal. Deeper = graver and more proven: abyssal = critical with a public exploit / in-the-wild use; hadal = critical and actively exploited (CISA KEV / 0day). Filter any list/digest/search with `&depth=` (e.g. `?depth=hadal` for the most urgent). - `depthScore` is a composite 0..100 urgency number = impact (CVSS/severity) + likelihood (EPSS) + proof of exploitation (KEV/0day/in-the-wild/PoC). Higher = patch sooner; it intentionally ranks an exploited high above a quiet critical. /api/cve/ also returns `depthScoreParts` (impact/likelihood/exploitation/ransomware) so the ranking is explainable. - Authenticate (optional) with `Authorization: Bearer vsk_…` or `x-api-key`. Listing the 100 most recent of 6291 CVEs. This is the free public window. Sign in or use an API key (Authorization: Bearer vsk_…) for the full corpus of 6291. ## Critical & actively exploited (13) - [GHSA-g936-7jqj-mwv8 — TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation](https://beta.vulnsea.com/cve/GHSA-g936-7jqj-mwv8.md): TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation (severity: critical, CVSS 9, depth: midnight, published Jul 10, 2026) - [CVE-2026-54159 — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE](https://beta.vulnsea.com/cve/CVE-2026-54159.md): prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE (severity: critical, CVSS 10, depth: midnight, published Jul 10, 2026) - [CVE-2026-50551 — SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content](https://beta.vulnsea.com/cve/CVE-2026-50551.md): SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content (severity: critical, CVSS 9.9, depth: midnight, published Jul 10, 2026) - [CVE-2026-54067 — SiYuan: Stored XSS to RCE via CSS-snippet