Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 204,390 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-5713 | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree")... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-5667 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-5664 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-30078. Reason: This candidate is a reservation duplicate of CVE-2... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56450 | AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification step,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-56448 | A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-56422 | Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope foreign... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-56276 | Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56267 | Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objec... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56138 | AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-56130 | "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, eve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56120 | OpenRemote before 1.25.0 contains an insecure direct object reference (IDOR) vulnerability in the bulk alarm deletion endpoint that allows authenticat... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-56119 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56118 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-56091 | When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. Thi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-5599 | A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-5598 | Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with prog... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55962 | TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certificate... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55890 | ## Summary The fix for **GHSA-r7fx-8g49-7hhr / CVE-2026-42841** (Stored XSS via Markdown media `attribute()` action) is incomplete. The maintainer pa... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55887 | ## Summary A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-55886 | ### Summary `Jodit.modules.Helpers.set(chain, value, obj)` walks the dot-separated `chain`, creating and following each path segment, without filterin... | 0.0 | 0 | Neutral | No | Yes |