Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,047 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-27065 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-27043 | Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-27038 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27037 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27036 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27035 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27034 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27033 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27032 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27031 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27020 | Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerability in user input fields. Malicious users could inject scripts through unvalidate... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-27018 | ### Impact The fix introduced in version 8.1.0 for GHSA-rh2x-ccvw-q7r3 (CVE-2024-21527) can be bypassed using mixed-case or uppercase URL schemes. T... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-26995 | The padding extension was incorrectly removed in utls for the non-pq variant of Chrome 120 fingerprint. Chrome removed this extension only when sendin... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-26958 | `(*Point).MultiScalarMult` failed to initialize its receiver. If the method was called on an initialized point that is not the identity point, MultiS... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-26957 | **Date:** 2025-12-07 **Vulnerability:** Server-Side Request Forgery (SSRF) **Component:** Webhooks Module ## Executive Summary A critical security vu... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-26928 | SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are cor... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-26927 | Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is poss... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-26809 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-2647 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-2646 | A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enable... | 0.0 | 0 | Neutral | No | Yes |