Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,292 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33300 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-la... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-33284 | GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validati... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33271 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3327 | Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restrictio... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33253 | SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root di... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33221 | ## Summary The storage service's file upload handler trusts the client-provided `Content-Type` header without performing server-side MIME type detect... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3321 | A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33201 | Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33189 | Rejected reason: Further research determined the issue originates from a different product. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33188 | Rejected reason: Further research determined the issue originates from a different product. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33187 | Rejected reason: Further research determined the issue originates from a different product. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33185 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-la... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33168 | ### Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed H... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33167 | ### Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML an... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33155 | ### Summary The pickle unpickler `_RestrictedUnpickler` validates which classes can be loaded but does not limit their constructor arguments. A few o... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33151 | ### Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be explo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3315 | Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33074 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-la... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33073 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-la... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-32953 | ## Impact Some specific (1 out of 256) User Supplied Secrets (USS) were not used, making the resulting Compound Device Identifier (CDI) the same as i... | 0.0 | 0 | Neutral | No | Yes |