Filter and search through 206,282 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34606 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, F... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34605 | The `SanitizeSVG` function introduced in v3.6.0 to fix XSS in the unauthenticated `/api/icon/getDynamicIcon` endpoint can be bypassed by ... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-34598 | A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34593 | `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang atom via `Module.concat([value])` for any user-supplied binary string ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34591 | A crafted wheel can contain `../` paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privil... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34576 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fe... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34570 | Vulnerability: Improper Session Invalidation on Account Deletion (Broken Access Control / Logic Flaw). This vulnerability is caused by... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3457 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows al... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34545 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34544 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34543 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34525 | Multiple Host headers were allowed in aiohttp. Impact: Mostly this doesn't affect aiohttp security itself, but if a reverse proxy is... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34520 | The C parser (the default for most installs) accepted null bytes and control characters in response headers. Impact: An attacker cou... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34519 | An attacker who controls the `reason` parameter when creating a `Response` may be able to inject extra headers or similar exploits. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34518 | When following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization he... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34517 | For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. Impact: If an application... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34516 | A response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vuln... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34515 | On Windows the static resource handler may expose information about an NTLMv2 remote path. Impact: If an application is running on Wi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34514 | An attacker who controls the `content_type` parameter in aiohttp could use this to inject extra headers or similar exploits. Impact: ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34513 | An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. Impact: If an application makes... | 0.0 | 0 | Neutral | No | Yes |