Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 200,308 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-45783 | ### Summary An unauthenticated remote peer can exhaust the disk storage of any `@libp2p/kad-dht` node running in server mode by sending an unbounded s... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-45779 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45778 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaS... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45777 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remote... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45776 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45774 | ## Summary The compliance-trestle library's profile import mechanism resolves `trestle://` URIs and relative file paths by joining them with `trestle... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45756 | ### Description The `JsonPath` component's `match()` and `search()` filter functions compile a caller-supplied pattern straight into `preg_match()`: ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45755 | ### Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an ap... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45754 | ### Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the eve... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45753 | ### Description `symfony/html-sanitizer` lets applications sanitise untrusted HTML. `UrlAttributeSanitizer` is the visitor responsible for validating... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45742 | ### Summary Gotenberg is vulnerable to a remote denial of service in multipart `downloadFrom` handling. A multipart request containing multiple `dow... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45741 | ### Summary `IsPublicIP` in `pkg/gotenberg/outbound.go` incorrectly classifies IPv6 6to4 / NAT64 / deprecated site-local addresses as public IPs, all... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-45738 | ### Summary A user with **application write access (developer role)** can set `link.argocd.argoproj.io/*` annotations on any ArgoCD Application. Thes... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45737 | ### Summary The original fix for [GHSA-3v3m-wc6v-x4x3](https://github.com/argoproj/argo-cd/security/advisories/GHSA-3v3m-wc6v-x4x3) is incomplete. arg... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45732 | ## Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using `credential:read` rather than `credential:update`. An authentic... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45730 | This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user (without membership in the target project) to ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45727 | The `cloakserve` CDP multiplexer uses the user-supplied `fingerprint` query parameter directly as a filesystem path component when creating Chrome pro... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45726 | ## Summary Omni supports importing standalone Talos clusters. During this process, an ImportedClusterSecrets resource is created, which contains the... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45725 | ## Summary The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-45723 | ## Summary `managementServer.CreateSchematic` (`internal/backend/grpc/schematics.go`) passes the caller-controlled `TalosVersion` field directly to `... | 0.0 | 0 | Neutral | No | Yes |