Filter and search through 206,483 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34939 | Summary: `MCPToolIndex.search_tools()` compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34938 | Summary: `execute_code()` in `praisonai-agents` runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34937 | Summary: `run_python()` in `praisonai` constructs a shell command string by interpolating user-controlled code into `python3 -c "<code>"` and pass... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34936 | Summary: `passthrough()` and `apassthrough()` in `praisonai` accept a caller-controlled `api_base` parameter that is concatenated with `endpoint` ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34935 | Summary: The `--mcp` CLI argument is passed directly to `shlex.split()` and forwarded through the call chain to `anyio.open_process()` with no val... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34934 | Summary: The `get_all_user_threads` function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An att... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34932 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34931 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34890 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Ba... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34877 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session str... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34876 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34873 | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34848 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34847 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34841 | Impact: This is a **supply chain attack** involving compromised versions of the `axios` npm package, which introduced a hidden dependency depl... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34840 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34838 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34835 | Summary: `Rack::Request` parses the `Host` header using an `AUTHORITY` regular expression that accepts characters not permitted in RFC-compliant ho... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34834 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34833 | No description available | 0.0 | 0 | Neutral | No | No |