Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,351 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34120 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content du... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-34119 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bo... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34118 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34073 | ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34046 | ## Vulnerability ### IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}` The `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33951 | ## Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33881 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33879 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | ### Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33765 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 h... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33752 | ### Summary curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of th... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-33748 | ### Impact Insufficient validation of Git URL fragment subdir components (`<url>#<ref>:<subdir>`, [docs](https://docs.docker.com/build/concepts/contex... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33729 | ### Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests produci... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33728 | In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33727 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33709 | ## Affected Version JupyterHub <= 5.4.3 ## Impact An open redirect vulnerability in JupyterHub <=5.4.3 allows attackers to construct links which, w... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33658 | ### Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small range... | 0.0 | 0 | Neutral | No | Yes |