Filter and search through 206,451 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-35179 | Summary: The SocialMediaPublisher plugin exposes a `publishInstagram.json.php` endpoint that acts as an unauthenticated proxy to the Facebook/Insta... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35175 | Impact: An authenticated user (using the `auth_users` plugin authentication method) could install a custom package even if this user is not superu... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35171 | Impact: This is a **critical Remote Code Execution (RCE)** vulnerability caused by unsafe use of `logging.config.dictConfig()` with user-controlle... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35167 | Impact: The `_get_versioned_path()` method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35166 | Impact: Links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or hav... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35053 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35052 | Impact: Users hosting D-Tale publicly while using a redis or shelf storage layer could be vulnerable to remote code execution allowing attackers to... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35045 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-35044 | Summary: The Dockerfile generation function `generate_containerfile()` in `src/bentoml/_internal/container/generate.py` uses an unsandboxed `jinja2... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35043 | Commit ce53491 (March 24) fixed command injection via `system_packages` in Dockerfile templates and `images.py` by adding `shlex.quote`. However, the ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35042 | Summary: `fast-jwt` does not validate the `crit` (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a `crit` array ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35039 | Impact: Setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. Th... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35038 | Summary: The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35037 | Summary: The `GET /api/website/title` endpoint accepts an arbitrary URL via the `website_url` query parameter and makes a server-side HTTP request ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35036 | Summary: Ech0 implements **link preview** (editor fetches a page title) through **`GET /api/website/title`**. That is **legitimate product behavio... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35030 | Impact: When JWT authentication is enabled (`enable_jwt_auth: true`), the OIDC userinfo cache uses `token[:20]` as the cache key. JWT headers pro... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3503 | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physic... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35029 | Impact: The `/config/update` endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then us... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-35002 | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34992 | Impact: This is a missing encryption vulnerability (CWE-311) affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack network... | 0.0 | 0 | Neutral | No | Yes |