Filter and search through 350,956 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-45303 | Summary: Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45302 | Summary: `parseFormData()` walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A sing... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45301 | Summary: A missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45300 | Summary: async-http-client leaks `Cookie` headers to cross-origin redirect targets. When following a redirect across a security boundary (different... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4530 | A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology_retrieve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45299 | Summary: The `profile_image_url` field on the user profile update form accepted arbitrary `data:` URI values without MIME-type validation. Two dist... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45298 | Summary: In a default dozzle deploy (the documented quickstart, no `DOZZLE_AUTH_PROVIDER` set), `POST /api/notifications/test-webhook` is reachable... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-45297 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45296 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45294 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45292 | Overview: A vulnerability affects the baggage propagation implementation in `opentelemetry-api` and `opentelemetry-extension-trace-propagators`. Pa... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45291 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45290 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4529 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such ma... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45289 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45288 | Summary: Marten's full-text search APIs interpolated the user-supplied `regConfig` parameter directly into the generated SQL without parameterizati... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45287 | Summary: `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45286 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45285 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45284 | No description available | 0.0 | 0 | Neutral | No | No |