Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 201,278 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-50165 | No description available | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-50163 | ### Root cause The tar-extraction helper `ensureLinkPath` at [`content/file/utils.go:262-275`](https://github.com/oras-project/oras-go/blob/main/cont... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50162 | The file content store in `oras-go` attempts to confine writes to `workingDir` when `AllowPathTraversalOnWrite=false`, but the guard is lexical and do... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50158 | ## Arbitrary File Write via MCP `caption-download` Tool ### Summary The `caption-download` MCP tool in yutu passes the caller-supplied `file` parame... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50157 | ### Description Applications built with the Auth0 Symphony SDK, using the Authorizer security authenticator to protect HTTP routes may accept OAuth 2.... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50151 | ## Summary oras-go follows a registry-controlled `Location` header during the monolithic blob upload flow and reuses the `Authorization` header from ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50149 | ### Impact When an `HTTPProxy` is configured with incompatible combination of both `.spec.virtualhost.tls.enableFallbackCertificate: true` and `.spec... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50148 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50147 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50144 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50143 | ## Actor MCP path authority injection leaks Apify token ### Summary `@apify/actors-mcp-server` version `0.10.7` builds Actor standby URLs by directl... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50142 | No description available | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-50141 | ### Impact A vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injectin... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50139 | # Share-link `?token=…` redemption races past download limit **Ecosystem:** Go **Package:** `goshs.de/goshs/v2` (`github.com/patrickhener/goshs`) **A... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50138 | # WebDAV listener ignores `--read-only`, `--upload-only`, and `--no-delete` mode flags **Ecosystem:** Go **Package:** `goshs.de/goshs/v2` (`github.co... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50125 | ## Unbounded Pod Log Read via Attacker-Controlled `limitBytes`/`tailLines` Causes Memory Exhaustion ### Summary The MKP (Model Context Protocol for ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-50124 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50100 | Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerab... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-5010 | A reflected Cross-Site Scripting (XSS) vulnerability has been discovered in Clickedu. This vulnerability allows an attacker to execute JavaScript code... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-50052 | In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync... | 0.0 | 0 | Neutral | No | Yes |