Filter and search through 206,479 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-39933 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatch... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3987 | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39841 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39840 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39839 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39838 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage E... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39837 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3948 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39413 | ## Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JW... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39410 | ## Summary A discrepancy between browser cookie parsing and `parse()` handling allows cookie prefix protections to be bypassed. Cookie names that ar... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39409 | ## Summary `ipRestriction()` does not canonicalize IPv4-mapped IPv6 client addresses (e.g. `::ffff:127.0.0.1`) before applying IPv4 allow or deny rul... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39408 | ## Summary A path traversal issue in `toSSG()` allows files to be written outside the configured output directory during static site generation. When... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39407 | ## Summary A path handling inconsistency in `serveStatic` allows protected static files to be accessed by using repeated slashes (`//`) in the reques... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39406 | ## Summary A path handling inconsistency in `serveStatic` allows protected static files to be accessed by using repeated slashes (`//`) in the reques... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39401 | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, job child processes can include an update_event ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39400 | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_eve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39398 | ## Affected openclaw-claude-bridge v1.1.0 ## Issue v1.1.0 spawns the Claude Code CLI subprocess with `--allowed-tools ""` and the release notes + R... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-39382 | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39381 | ### Impact The `GET /sessions/me` endpoint returns `_Session` fields that the server operator explicitly configured as protected via the `protectedFi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-39365 | ### Summary Any files ending with `.map` even outside the project can be returned to the browser. ### Impact Only apps that match the following co... | 0.0 | 0 | Neutral | Yes | Yes |