Filter and search through 200,024 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-42839 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields o... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42795 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42788 | ### Summary Bandit's HTTP/2 parser checks frame size *after* it has already buffered the full body, instead of when it sees the 9-byte header. A peer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42786 | ### Summary A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4266 | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42647 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-4263 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visit... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4262 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42599 | When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an applicatio... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42598 | Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesti... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42573 | Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42571 | ## Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican'... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42570 | `devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse a... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42568 | ### Summary An LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-42567 | An internal regex in the Svelte runtime can take exponential time to test in `<svelte:element this={tag}></svelte:element>`. You are only vulnerable t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42563 | ## Summary Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42553 | ### Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4255 | A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows (64-bit) allows a local attacker to escalate privileges via DLL s... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-42548 | ### Summary `Flight::jsonp()` concatenates the `?jsonp=` query parameter directly into an `application/javascript` response body without validating th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42518 | This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unau... | 0.0 | 0 | Neutral | No | No |