Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,242 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34202 | --- # Remote Denial of Service via Crafted V5 Transactions ## Summary A vulnerability in Zebra's transaction processing logic allows a remote, unaut... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-34200 | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on ... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-34172 | ## Summary `ChatWorkflow.chat(message)` passes its string argument directly as a Jinja2 template source to a non-sandboxed `Environment`. A developer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34155 | RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34124 | A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces l... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34122 | A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34121 | An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inc... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34120 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content du... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34119 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bo... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34118 | A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34073 | ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34046 | ## Vulnerability ### IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}` The `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33990 | ## Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33951 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenti... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33881 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33879 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33873 | ## Description ### 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its **validation** phase. Although... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | ### Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No | No |