Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 201,238 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-49978 | If the HTML you give it contains a <template> element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-49977 | This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup i... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49976 | ### Impact The CSV user import in update mode bypasses user-edit authorization. A user with only the `import` permission can overwrite any non-admin u... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49946 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49945 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49944 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49870 | ### Impact `POST /two-factor` had no rate limiting, lockout, or attempt counter. An attacker with valid credentials can submit unlimited TOTP guesses.... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49867 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49865 | ### Summary Kimai 2.56.0 contains a server-side request forgery vulnerability in its invoice PDF preview and generation workflow. If an attacker can ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49864 | ### Summary The wetty client decodes a base64 filename from the file-download escape sequence and interpolates it raw into a Toastify HTML string (`e... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49857 | ## SSRF Protection Bypass via IPv4-mapped IPv6 Loopback ### Summary `auth-fetch-mcp` v3.0.1 implements SSRF protection in `assertSafeUrl()` (`src/se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49856 | ## Summary The network domain has a central SSRF authorization policy that blocks private, loopback, link-local, and reserved targets unless an expli... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49852 | ### Summary `joserfc.jwt.decode` accepts attacker-forged HMAC-signed tokens when the caller-supplied verification key is the empty string or `None`. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49846 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49838 | Found through variant analysis based on `CVE-2026-41643` ## Summary GoBGP accepts a zero-length AS_PATH during UPDATE decoding and later panics while... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49837 | ### Summary GoBGP contains a BGP OPEN capability parsing issue where several concrete capability decoders may parse data from the full remaining c... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49836 | # psd-tools: arbitrary file write/read via smart-object path traversal ## Summary In `psd-tools` (all releases exposing the `SmartObject` API throug... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49835 | ### Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists becau... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49834 | ### Impact _What kind of vulnerability is it? Who is impacted?_ A verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamp... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49833 | ## Overview A path traversal vulnerability is possible via the [COAR Notify / LDN](https://wiki.lyrasis.org/spaces/DSDOC9x/pages/379126679/COAR+Notif... | 0.0 | 0 | Neutral | No | Yes |