Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 206,343 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-33881 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are i... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-33879 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33873 | ## Description ### 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its **validation** phase. Although... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | ### Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33863 | ### Impact Two unguarded prototype pollution paths exist, not covered by previous fixes: 1. `config.load()` / `config.loadFile()` — `overlay()` recur... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33765 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 h... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33748 | ### Impact Insufficient validation of Git URL fragment subdir components (`<url>#<ref>:<subdir>`, [docs](https://docs.docker.com/build/concepts/contex... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33746 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33729 | ### Description In OpenFGA, under specific conditions, models using conditions with caching enabled can result in two different check requests produci... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33728 | In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-3370 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33691 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33658 | ### Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small range... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33656 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-33654 | nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33641 | ## Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuratio... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33632 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.4, two file operation event ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33617 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33616 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutraliza... | 0.0 | 0 | Neutral | No | No |