Filter and search through 206,356 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34834 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34833 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously inclu... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34825 | NocoBase <= 2.0.8 `plugin-workflow-sql` substitutes template variables directly into raw SQL strings via `getParsedValue()` without parame... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3479 | pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34783 | A path traversal vulnerability in Ferret's `IO::FS::WRITE` standard library function allows a malicious website to write arbitrary files t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34764 | Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the `release()`... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34759 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered withou... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34756 | A Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the `n`... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34755 | The `VideoMediaIO.load_base64()` method at `vllm/multimodal/media/video.py:51-62` splits `video/jpeg` data URLs by comma to extract indivi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34753 | A Server Side Request Forgery (SSRF) vulnerability in `download_bytes_from_url` allows any actor who can control batch input JSON to make... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34743 | XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decod... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34735 | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload() endpoint ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34606 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, F... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34598 | A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34593 | `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang atom via `Module.concat([value])` for any user-supplied binary string ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34591 | A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privil... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34576 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fe... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34570 | Vulnerability: Improper Session Invalidation on Account Deletion (Broken Access Control / Logic Flaw). This vulnerability is caused by... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3457 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows al... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34545 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From ... | 0.0 | 0 | Neutral | No | Yes |