Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 204,350 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-55806 | Drupal core ships a rebuild.php front controller that can be used to rebuild Drupal (clearing the caches and rebuilding the container) when the site i... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-55804 | Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "g... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55803 | SA-CORE-2019-003 added protection for fields that store serialized data to disallow direct writes via web services. The above fix did not cover all po... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55795 | ### Summary The CartController defines a RateLimiter behavior that is only activated when the 'number' POST/GET parameter is explicitly provided. ##... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55791 | **1. Overview** Craft CMS is vulnerable to Server-Side Request Forgery (SSRF) and Arbitrary JavaScript Injection through the `/actions/app/resource-j... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55779 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55778 | ### Impact Parse Server's default `fileUpload.fileExtensions` blocklist is intended to prevent uploading files that browsers render as active content... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55776 | On OpenBao 2.5.4 and 2.5.2(and likely earlier versions also), an authenticated caller with write access to `transit/keys/*` can crash the OpenBao serv... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55775 | ### Summary A user that is granted namespace management (`/sys/namespaces`) capabilities within a non-root namespace ("the victim namespace") can abu... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55774 | ### Summary OpenBao users with access to the `sys/leases/revoke/:lease_id` endpoint in any namespace can revoke leases in any other namespace as long... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55773 | ### Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certai... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55772 | ### Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certai... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55770 | ## 1. Description ### Component `sdk/helper/ldaputil/client.go` — the shared LDAP utility library used by both the LDAP authentication backend and O... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55760 | ### Impact Any application that passes user-controlled input to Handlebars.compile() using a FileTemplateLoader (or ClassPathTemplateLoader) is vulner... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55736 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a pr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55701 | ## githubreceiver Silently Ignores Configured required_headers Authentication ### Summary The githubreceiver webhook handler does not enforce the `r... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55692 | ### Summary With $wgEmbedVideoRequireConsent enabled (the default), the urls for videos are stored in a json-ified data attribute`data-mw-iframeconfig... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55691 | ### Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then in... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55690 | ### Summary When passing an unknown service name to embedvideo, an error message is rendered containing the invalid service name. The service name is ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55689 | ## Description OpenFGA's OIDC authenticator skipped JWT audience (`aud`) validation when no audience was configured. In deployments where one identit... | 0.0 | 0 | Neutral | No | Yes |