Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 200,044 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-42996 | JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long M... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-42961 | ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42950 | ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42948 | Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an ar... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42940 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-42888 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.j... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42881 | STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42875 | ### Impact Namespaced SecretStore resources that used CAProvider with type `ConfigMap` could resolve CA material from another namespace when `caProvi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42871 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42870 | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the followi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42866 | Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-ship... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42863 | ### Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-control... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42862 | ### Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42861 | ### Summary A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42859 | Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. A... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42856 | # Security Advisory: Missing Authentication for Critical Function in `Jovancoding/Network-AI` | Field | Value | |---|---| | Project | `Jovancoding/Ne... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42853 | Summary The @apostrophecms/cli package contains a command injection vulnerability in the apos create command. User-supplied input from the password p... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42847 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, e... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-42845 | ### Summary (Tested on Form 9.0.3 released on April, 28th) The Form plugin's file upload handler at `user/plugins/form/classes/Form.php:583` accepts ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-42840 | An authenticated user can persist arbitrary HTML/JavaScript in the email_id or mobile_no fields of a Customer record and trigger unescaped rendering i... | 0.0 | 0 | Neutral | No | No |