Filter and search through 206,366 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34524 | Summary: A Path Traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34523 | Summary: A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34522 | Summary: A path traversal vulnerability in `/api/chats/import` allows an authenticated attacker to write attacker-controlled files outside the inte... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34520 | Summary: The C parser (the default for most installs) accepted null bytes and control characters in response headers. Impact: An attacker cou... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34519 | Summary: An attacker who controls the `reason` parameter when creating a `Response` may be able to inject extra headers or similar exploits. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34518 | Summary: When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization he... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34517 | Summary: For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. Impact: If an application... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34516 | Summary: A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vuln... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34515 | Summary: On Windows the static resource handler may expose information about a NTLMv2 remote path. Impact: If an application is running on Wi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34514 | Summary: An attacker who controls the `content_type` parameter in aiohttp could use this to inject extra headers or similar exploits. Impact: ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34513 | Summary: An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. Impact: If an application makes... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34509 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass int... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34508 | OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds, allowing attackers to bypass rate limits and brute-force w... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34455 | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34452 | The async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34451 | The local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trai... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34450 | The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a stand... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34443 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, checkIpByMask() in app/Misc/Helper.php ch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34406 | APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and secu... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34404 | **Product:** Nuxt OG Image **Version:** 6.1.2 **CWE-ID:** [CWE-404](https://cwe.mitre.org/data/definitions/404.html): Improper Resource Shutdown or R... | 0.0 | 0 | Neutral | No | Yes |