Filter and search through 204,370 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-55885 | Summary: An authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including `u... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55884 | Summary: The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopbac... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55883 | Summary: The Tilt HUD WebSocket (`/ws/view`) is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accep... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55882 | Summary: The Tilt HUD server mounts Go's `net/http/pprof` handlers under `/debug` with no access control. When the HUD is network-exposed, an attack... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-5588 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draf... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55878 | Description: The `ux:install` console command installs files from a recipe kit by copying paths listed in a `copy-files` map. The only guard agains... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55877 | Description: The `ux_icon()` Twig function is marked `is_safe=['html']`, so Twig never escapes its output. `Icon::toHtml()` inlines the SVG source... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55866 | Impact: Under concurrency, `CheckPermission` and `CheckBulkPermissions` can return `PERMISSIONSHIP_HAS_PERMISSION` for a (resource, permission, su... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55865 | Impact: Given a malformed `{% case %}` tag without associated `{% when %}` or `{% else %}` block, and no terminating `{% endcase %}` tag, Python Li... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55863 | Summary: The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera ac... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55849 | Summary: A command injection vulnerability exists in `@cyclonedx/cyclonedx-npm` when the CLI is invoked with the `--workspace <value>` option while ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55847 | Summary: The `ansi.js` Handlebars helper in allure-generator passes user-controlled `statusMessage` and `statusTrace` values from test result files... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55846 | Summary: The built-in HTTP server started by `allure serve` and `allure open` is vulnerable to path traversal. The server resolves request URI path... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55837 | Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens. Summary: The local OAuth helper FastAPI server bundled with `dbt-mcp` exposes... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55832 | Summary: `tract` (the `tract-onnx` crate) resolves an ONNX tensor's external-data `location` by joining it onto the model directory without any ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55828 | Impact: The go.qbee.io/transport library is affected by a symlink-chain path traversal vulnerability in its extractTar routine. The library's path... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55810 | The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55809 | The Flag attendance field module gives you the ability to add attendance by depending on Flag module. flag_attendance_field stores some data as PHP-se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55808 | The JSON:API and REST modules allow you to upload image files to image fields. The validation rules check the file extension of the uploaded file but ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55807 | The Media module comes with support for oEmbed. The oEmbed specification contains two discovery mechanisms, via providers.json and via URL discovery. ... | 0.0 | 0 | Neutral | No | No |