Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 201,258 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-50043 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerab... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-50033 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50030 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50029 | ### Summary `js-toml`'s interpreter checks whether a key already exists in a parser-built container with `if (object[key])` instead of `if (key in ob... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50027 | ## Missing Authentication on Document API Endpoints Allows Unauthenticated Memory Read/Write/Delete ### Summary All HTTP routes under `/api/document... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50026 | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unaut... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50018 | ### Summary: Remote post-serve actions use `http.DefaultClient` without any timeout configuration. When the remote endpoint is unreachable or intenti... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50013 | ### Summary: When Hoverfly is running in Diff mode, the `AddDiff()` function writes to the shared `responsesDiff` map without any synchronization (no... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50008 | ### Impact The `routeAllowList` server option restricts external client access to a configured list of REST API routes. The check is only enforced as... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50007 | Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with user_access on a budge... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50006 | ## Summary Anyquery's `server` mode does not disable or restrict native SQLite disk manipulation commands. Unauthenticated attackers connecting to the... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49998 | #### Summary Centrifugo's dynamic JWKS endpoint feature can verify a JWT for one allowed issuer using a public key cached from another allowed issuer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49997 | In SurrealDB, records can be connected as a graph: a `RELATE` statement creates an edge record between two node records. If either endpoint node is de... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49996 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-49992 | ### Summary Kimai 2.56.0 contains authenticated cross-site request forgery issues in its default team creation shortcuts for projects, customers, and... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49989 | **Component:** `io.crate.protocols.http.HttpBlobHandler` **Affected:** verified against CrateDB 6.2.7 (latest at time of report; the bug has existed s... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49988 | # `attach_packed_output` can register arbitrary `.json/.txt/.md/.xml` files and bypass the MCP file-read safety check ## Summary Repomix's MCP serve... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49987 | ### Vulnerability Metadata | Field | Detail | | --- | --- | | **Affected Component** | `src/core/git/gitCommand.ts` (`execGitShallowClone`) | | **Imp... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49986 | ## Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR` ### Summary The Cortex MCP server (`neuro-cortex-memory`) treats the `CLAUDE_... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-49981 | ### Description The per-template filter, tag and function allow-list check is compiled into the `checkSecurity()` method of each `Template` subclass ... | 0.0 | 0 | Neutral | No | Yes |