Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,306 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33748 | ### Impact Insufficient validation of Git URL fragment subdir components (`<url>#<ref>:<subdir>`, [docs](https://docs.docker.com/build/concepts/contex... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-33746 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33729 | ### Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests produci... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33728 | In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33691 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33658 | ### Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small range... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33656 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-33654 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33641 | ## Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuratio... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33632 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33617 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33616 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutraliza... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33615 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization o... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33614 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization o... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33613 | Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArr... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3356 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33559 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33544 | ### Summary All three OAuth service implementations (`GenericOAuthService`, `GithubOAuthService`, `GoogleOAuthService`) store PKCE verifiers and acce... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33533 | ### Summary The Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. B... | 0.0 | 0 | Neutral | No | No |