Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 199,693 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34086 | Vulnerability in Wikimedia Foundation AbuseFilter. This issue affects AbuseFilter: from * before 1.43.7, 1.44.4, 1.45.2. | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-33975 | Twenty is an open source CRM built with NestJS (Node.js). In versions 1.18.0 and earlier, the SSRF protection in twenty-server's SecureHttpClientServi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | ### Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33817 | ### Withdrawn Advisory This advisory has been withdrawn because its CVE Numbering Authority has determined this issue to be a false positive. This lin... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33694 | This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this conditi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33590 | Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33566 | There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3356 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33559 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33441 | Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33398 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is l... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33386 | QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33384 | QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This be... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33366 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product witho... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33277 | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33271 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3327 | Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restrictio... | 0.0 | 0 | Neutral | No | Yes |