Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,262 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34509 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass int... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-34508 | OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds, allowing attackers to bypass rate limits and brute-force w... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34455 | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34452 | The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34451 | The local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trai... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34450 | The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a stand... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34444 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-34443 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php ch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34406 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and secu... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34404 | **Product:** Nuxt OG Image **Version:** 6.1.2 **CWE-ID:** [CWE-404](https://cwe.mitre.org/data/definitions/404.html): Improper Resource Shutdown or R... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34400 | ### Impact The Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34387 | Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34385 | ### Summary A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid M... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34377 | --- # CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data ## Summary A logic error in Zebra's transaction verification cache could a... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34372 | ### Impact A user which has permission for the Sulu Admin via atleast one role could have access to the subentities of contacts via the admin API wit... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34227 | A single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfi... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-34221 | A prototype pollution vulnerability exists in the `Utils.merge` helper used internally by MikroORM when merging object structures. The function did n... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34219 | ## Description ### Summary The Rust libp2p Gossipsub implementation contains a remotely reachable panic in `backoff` expiry handling. After a peer s... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34210 | ### Impact The `stripe/charge` payment method did not check Stripe's `Idempotent-Replayed` response header when creating PaymentIntents. An attacker ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34204 | ## Impact _What kind of vulnerability is it? Who is impacted?_ A flaw in `extractMetadataFromMime()` allows any authenticated user with `s3:PutObjec... | 0.0 | 0 | Neutral | No | No |