Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,346 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34400 | ### Impact The Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating ... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-34391 | Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolle... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34389 | ### Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34388 | ### Summary A Denial of Service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34387 | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34386 | ### Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34385 | ### Summary A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid M... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34377 | --- # CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data ## Summary A logic error in Zebra's transaction verification cache could a... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34373 | ### Impact The GraphQL API endpoint does not respect the `allowOrigin` server option and unconditionally allows cross-origin requests from any websit... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34372 | ### Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API wit... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34363 | ### Impact When multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared muta... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34235 | PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34227 | A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfi... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-34221 | A prototype pollution vulnerability exists in the `Utils.merge` helper used internally by MikroORM when merging object structures. The function did n... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34220 | ## Summary MikroORM versions <= 6.6.9 and <= 7.0.5 are vulnerable to SQL injection when specially crafted objects are interpreted as raw SQL query fr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34219 | ## Description ### Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in `backoff` expiry handling. After a peer s... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34218 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defe... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34210 | ### Impact The `stripe/charge` payment method did not check Stripe's `Idempotent-Replayed` response header when creating PaymentIntents. An attacker ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34204 | ## Impact _What kind of vulnerability is it? Who is impacted?_ A flaw in `extractMetadataFromMime()` allows any authenticated user with `s3:PutObjec... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34202 | --- # Remote Denial of Service via Crafted V5 Transactions ## Summary A vulnerability in Zebra's transaction processing logic allows a remote, unaut... | 0.0 | 0 | Neutral | No | Yes |