Filter and search through 206,703 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-4425 | Rejected reason: Reserved for EastLink case, but no need for CVE anymore | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4420 | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page creation privileges ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4407 | Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4406 | The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX act... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-4401 | The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bulk_actions_handler()` methods ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4400 | Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simp... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4399 | Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4394 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_<id>.4`)... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4374 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service, Observability Collector, Recording Ser... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4368 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual ser... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4340 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4317 | SQL injection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated att... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4315 | A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (Do... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4309 | Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get specific device information and change the settings... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4292 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorre... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4277 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4266 | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4263 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visit... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4262 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4255 | A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL s... | 0.0 | 0 | Neutral | No | No |