Filter and search through 206,333 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34221 | A prototype pollution vulnerability exists in the `Utils.merge` helper used internally by MikroORM when merging object structures. The function did n... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34220 | Summary: MikroORM versions <= 6.6.9 and <= 7.0.5 are vulnerable to SQL injection when specially crafted objects are interpreted as raw SQL query fr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34219 | Summary: The Rust libp2p Gossipsub implementation contains a remotely reachable panic in `backoff` expiry handling. After a peer s... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34218 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defe... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34210 | Impact: The `stripe/charge` payment method did not check Stripe's `Idempotent-Replayed` response header when creating PaymentIntents. An attacker ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34204 | Impact: A flaw in `extractMetadataFromMime()` allows any authenticated user with `s3:PutObjec... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34202 | Remote Denial of Service via Crafted V5 Transactions. Summary: A vulnerability in Zebra's transaction processing logic allows a remote, unaut... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34200 | Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on ... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-34172 | Summary: `ChatWorkflow.chat(message)` passes its string argument directly as a Jinja2 template source to a non-sandboxed `Environment`. A developer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34155 | RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34083 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34073 | Summary: In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34060 | Summary: The `rubyLsp.branch` VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby co... | 9.8 | 0 | Neutral | No | Yes |
| CVE-2026-34046 | IDOR in `GET/PATCH/DELETE /api/v1/flow/{flow_id}`: The `_read_flow` helper in `src/backend/base/langflow/api/v1/flows.py` branch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34041 | Summary: act unconditionally processes the deprecated `::set-env::` and `::add-path::` workflow commands, which GitHub Actions disabled in October ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33990 | Summary: Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33981 | Summary: The `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and st... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33951 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33950 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33946 | Summary: The Ruby SDK's [streamable_http_transport.rb](https://github.com/modelcontextprotocol/ruby-sdk/blob/main/lib/mcp/server/transports/stream... | 8.2 | 0 | Neutral | No | Yes |