Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 321,531 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-9739 | Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790). During the beta phase, we implemented `allowed-origins` and `allowed-hosts` f... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-9726 | The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-9712 | When creating an export through the pretix API, API clients are returned an UUID value for their export job (a long, random string like 35742818-c37... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9702 | The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce orde... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9669 | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same deco... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-9642 | There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9591 | Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to crea... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-9509 | An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a de... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9508 | Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly expos... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9507 | A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keepin... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9506 | This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remot... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9489 | NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom pr... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9375 | urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (`preload_content=False`) when using Brotli support. The issue... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-9307 | A sensitive information disclosure security issue exists within the affected CompactLogix controllers. The controller's web server exposes CIP Connect... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9279 | Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9274 | This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical acc... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9266 | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. Th... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9194 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9158 | In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling point... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-9152 | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requirin... | 0.0 | 0 | Neutral | No | No |