Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,461 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34791 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi.... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-34790 | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in the remove ARCHIVE parameter t... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3479 | pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34786 | ## Summary `Rack::Static#applicable_rules` evaluates several `header_rules` types against the raw URL-encoded `PATH_INFO`, while the underlying file-... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34785 | ## Summary `Rack::Static` determines whether a request should be served as a static file using a simple string prefix check. When configured with URL... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34783 | ## Summary A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard library function allows a malicious website to write arbitrary files t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34763 | ## Summary `Rack::Directory` interpolates the configured `root` path directly into a regular expression when deriving the displayed directory path. I... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34762 | ## Summary The `PUT /api/v1/subscriber/{imsi}` API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies the... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34761 | ## Summary Ella Core panics when processing a NGAP handover failure message. ## Impact If an attacker can force a gNodeB to send NGAP handover fail... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34760 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34759 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34758 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34752 | ### Summary Sending an email with `__proto__:` as a header name crashes the Haraka worker process. ### Details The header parser at `node_modules/... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34745 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34743 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34742 | The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is r... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34736 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34735 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34730 | ### Summary Copier's `_external_data` feature allows a template to load YAML files using template-controlled paths. The documentation describes these... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34729 | ### Summary The sanitization pipeline for FAQ content is: 1. `Filter::filterVar($input, FILTER_SANITIZE_SPECIAL_CHARS)` — encodes `<`, `>`, `"`, `'`, ... | 0.0 | 0 | Neutral | No | No |