Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,266 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33881 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are i... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-33879 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33873 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow execu... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or I... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33765 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 h... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33748 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33729 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33728 | dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a cust... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33658 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's pr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33656 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-33654 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33641 | ## Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuratio... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33632 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-3356 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33559 | WordPress Plugin "OpenStreetMap" provided by MiKa contains a cross-site scripting vulnerability. On the site with the affected version of the plugin e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33533 | ### Summary The Glances XML-RPC server (activated with glances -s or glances --server) sends Access-Control-Allow-Origin: * on every HTTP response. B... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33525 | No description available | 0.0 | 0 | Neutral | No | No |