Filter and search through 206,453 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-3548 | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improper... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35168 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3503 | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physic... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-35002 | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34974 | The regex-based SVG sanitizer in phpMyFAQ (`SvgSanitizer.php`) can be bypassed using HTML entity encoding in `javascript:` URLs within SVG... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34973 | The `searchCustomPages()` method in `phpmyfaq/src/phpMyFAQ/Search.php` uses `real_escape_string()` (via `escape()`) to sanitize the searc... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3497 | Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linu... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34969 | Refresh Token Leaked via URL Query Parameter in OAuth Provider Callback: The auth service's OAuth provider callback flow places the refr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34955 | `SubprocessSandbox` in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls `subprocess.run()` with `shell=True` and relies solely on string... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34954 | `FileTools.download_file()` in `praisonaiagents` validates the destination path but performs no validation on the `url` parameter, passin... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34953 | `OAuthManager.validate_token()` returns `True` for any token not found in its internal store, which is empty by default. Any HTTP request... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34952 | The PraisonAI Gateway server accepts WebSocket connections at `/ws` and serves agent topology at `/info` with no authentication. Any netw... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34940 | The `ollamaStartupProbeScript()` function in `internal/modelcontroller/engine_ollama.go` constructs a shell comman... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34939 | `MCPToolIndex.search_tools()` compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34938 | `execute_code()` in `praisonai-agents` runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34937 | `run_python()` in `praisonai` constructs a shell command string by interpolating user-controlled code into `python3 -c "<code>"` and pass... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34936 | `passthrough()` and `apassthrough()` in `praisonai` accept a caller-controlled `api_base` parameter that is concatenated with `endpoint` ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34935 | The `--mcp` CLI argument is passed directly to `shlex.split()` and forwarded through the call chain to `anyio.open_process()` with no val... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34934 | The `get_all_user_threads` function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An att... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34890 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Ba... | 0.0 | 0 | Neutral | No | Yes |