Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 199,951 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-33765 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 h... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33748 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33729 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33728 | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a cust... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33701 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33699 | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33658 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's pr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33656 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-33654 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33641 | ## Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuratio... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33632 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3356 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33559 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33537 | Lychee is a free, open-source photo-management tool. The patch introduced for GHSA-cpgw-wgf3-xc6v (SSRF via `Photo::fromUrl`) contains an incomplete I... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33533 | ### Summary The Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. B... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33531 | InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, a path traversal vulnerability in the report template engine allows a... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-33525 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33433 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-can... | 0.0 | 0 | Neutral | No | No |