Filter and search through 204,330 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-55672 | Zitadel's OAuth2 / OIDC `CodeExchange` and `RefreshToken` implementations omit a critical validation step to ensure that the requesting c... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55671 | A Server-Side Request Forgery (SSRF) vulnerability was discovered in Zitadel affecting: **HTTP Notification Channels:** Used as an alt... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55670 | A flaw in the user lifecycle enforcement allowed deleted users to retain their original organization/tenant association. Recreating a del... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55669 | An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider (IdP) implementation. When validating ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55666 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-55661 | TinaCMS rich-text parsing and the default link/image renderers did not sanitize the `url` field on Slate link/image nodes. Content containing `javascr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55660 | TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55650 | A Stored Cross-Site Scripting (XSS) issue previously existed in the Text Widget in Board of Outerbase Studio where unsanitized HTML could ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55636 | Capsule v0.13.2 webhook rules contain `namespace/finalize` (singular) instead of `namespaces/finalize` (plural). K8s requires plural. The ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55617 | Hydro contains an insufficient session expiration vulnerability in its session recreation logic. When a session is recreated, including du... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55592 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-55591 | signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery (SSRF) vulnerability in three administrative endp... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55590 | The `getLoginRedirect()` method contains a weakness to backslash bypasses allowing redirect targets with attacker controlled hostnames. ##... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55584 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-55542 | Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55519 | A vulnerability was identified in Snipe-IT v8.4.0 (build 21280-g91a95dbc6) that allows any authenticated user with generic asset edit permi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55518 | A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` ... | 9.6 | 0 | Neutral | No | Yes |
| CVE-2026-55488 | mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fr... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-55483 | The `store()` method in both the web and API `UsersController` only strips the superuser permission when a non-superuser creates a user. It... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55482 | The `BulkAssetsController::update()` method accepts `company_id` directly from user input without calling `Company::getIdForCurrentUser()`,... | 0.0 | 0 | Neutral | No | Yes |