Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 351,155 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-45615 | No description available | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-45614 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45613 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45611 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45610 | ## Summary **Type:** Cross-site request forgery on the 2FA toggle. `plugin/LoginControl/set.json.php` accepts `POST type=set2FA value=false`, calls `... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45609 | ### Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) [security speci... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45608 | Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally. | 6.8 | 0 | Neutral | No | No |
| CVE-2026-45600 | Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges local... | 7.8 | 0 | Neutral | No | No |
| CVE-2026-45591 | No description available | 7.5 | 0 | Neutral | No | Yes |
| CVE-2026-45585 | Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this ... | 6.8 | 0 | Neutral | Yes | No |
| CVE-2026-45584 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. | 8.1 | 0 | Neutral | Yes | No |
| CVE-2026-45583 | Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. | 7.5 | 0 | Neutral | No | No |
| CVE-2026-45582 | ## Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before send... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45581 | When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key passw... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45580 | ## Summary **Type:** Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML clas... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4558 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipul... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45578 | ## Summary **Type:** Classic shell-metacharacter injection. The YPTSocket notification branch in `plugin/Live/on_publish.php` builds an `execAsync()`... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45577 | Neotoma versions starting at v0.6.0 can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45576 | ## Summary Alice runs `zrok2 copy` from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV `href` such as `/.... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45575 | ### Impact An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery docume... | 0.0 | 0 | Neutral | No | Yes |