Filter and search through 206,373 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-3457 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows al... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34545 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34544 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34543 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34532 | ### Impact An attacker can bypass Cloud Function validator access controls by appending `.prototype.constructor` to the function name in the URL. Whe... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34526 | ### Details Distinct from CVE-2025-59159 and CVE-2026-26286 (all fixed in v1.16.0). This endpoint is still unpatched. In `src/endpoints/search.js` li... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34525 | ### Summary Multiple Host headers were allowed in aiohttp. ### Impact Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34524 | ## Summary A Path Traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34523 | ### Summary A path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34522 | ### Summary A path traversal vulnerability in `/api/chats/import` allows an authenticated attacker to write attacker-controlled files outside the inte... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34520 | ### Summary The C parser (the default for most installs) accepted null bytes and control characters in response headers. ### Impact An attacker cou... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34519 | ### Summary An attacker who controls the `reason` parameter when creating a `Response` may be able to inject extra headers or similar exploits. ### ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34518 | ### Summary When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization he... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34517 | ### Summary For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. ### Impact If an application... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34516 | ### Summary A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vuln... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34515 | ### Summary On Windows the static resource handler may expose information about a NTLMv2 remote path. ### Impact If an application is running on Wi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34514 | ### Summary An attacker who controls the `content_type` parameter in aiohttp could use this to inject extra headers or similar exploits. ### Impact ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34513 | ### Summary An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. ### Impact If an application makes... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34509 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass int... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34508 | OpenClaw before 2026.3.12 applies rate limiting only after webhook authentication succeeds, allowing attackers to bypass rate limits and brute-force w... | 0.0 | 0 | Neutral | No | No |