Filter and search through 200,131 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-42859 | Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. A... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42856 | Security Advisory: Missing Authentication for Critical Function in `Jovancoding/Network-AI`. Project: `Jovancoding/Ne... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42850 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42847 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42845 | Summary: (Tested on Form 9.0.3 released on April, 28th) The Form plugin's file upload handler at `user/plugins/form/classes/Form.php:583` accepts ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42840 | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42839 | An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the item_name, description, or image fields o... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42795 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42788 | Summary: Bandit's HTTP/2 parser checks frame size *after* it has already buffered the full body, instead of when it sees the 9-byte header. A peer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42786 | Summary: A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-4266 | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4263 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visit... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-4262 | Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42604 | Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= 26.4.0 exposes the full O... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42598 | Pode is a Cross-Platform PowerShell web framework for creating REST APIs, Web Sites, and TCP/SMTP servers. From 2.4.0, to before 2.13.0, when requesti... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42571 | Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican'... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42563 | Summary: Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42553 | Impact: A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42548 | Summary: `Flight::jsonp()` concatenates the `?jsonp=` query parameter directly into an `application/javascript` response body without validating th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42518 | This vulnerability exists in e-Sushrut due to disclosure of sensitive information and hardcoded AES encryption keys in client-side JavaScript. An unau... | 0.0 | 0 | Neutral | No | No |