Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%

CVE Database & AI Vulnerability Analysis

Browse 337,446+ CVEs from NVD & CNNVD with AI-powered analysis, AI-generated PoCs, KEV/EPSS tracking, and daily security intelligence. Filter by vendor, product, severity, or CWE.

Trusted by security teams 450+security practitioners120+company & university domains· security vendors · in-house teams · academia · bug-bounty hunters
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos johnhuang316code-index-mcp Medium 4.3 2026-06-02 23:45:12 Deep Dive
CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos wonderwhy-erDesktopCommanderMCP Medium 4.3 2026-06-02 23:30:15 Deep Dive
CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update planetshakerEmergencyWP – Dead Man's switch & legacy deliverance Medium 4.3 2026-06-02 23:27:49 Deep Dive
CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting passeumPasseum Ticketing Medium 4.4 2026-06-02 23:27:48 Deep Dive
CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery wonderwhy-erDesktopCommanderMCP Medium 6.3 2026-06-02 23:15:09 Deep Dive
CVE-2026-40108 GLPI Vulnerable to Stored XSS in ITIL Costs glpi-projectglpi--2026-06-02 23:02:35 Deep Dive
CVE-2026-41412 alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script alfio-eventalf.io Medium 4.9 2026-06-02 22:51:36 Deep Dive
CVE-2026-35482🧪 alf.io has an Authenticated RCE via Extension Script Sandbox Escape alfio-eventalf.io High 8.0 2026-06-02 22:50:40 Deep Dive
CVE-2026-44654 LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents danny-avilaLibreChat--2026-06-02 22:47:29 Deep Dive
CVE-2026-10688 ahujasid blender-mcp server.py execute_blender_code code injection ahujasidblender-mcp Medium 5.5 2026-06-02 22:45:11 Deep Dive
CVE-2026-44653 LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets danny-avilaLibreChat Medium 6.5 2026-06-02 22:40:21 Deep Dive
CVE-2026-32625🧪 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection danny-avilaLibreChat Critical 9.6 2026-06-02 22:35:01 Deep Dive
CVE-2026-10719 Open Seachest/Seachest NVMe show Format Descriptors Vulnerability ----2026-06-02 22:31:46 Deep Dive
CVE-2026-31942🧪 LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys danny-avilaLibreChat High 7.1 2026-06-02 22:22:14 Deep Dive
CVE-2026-10718 Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability ----2026-06-02 22:19:41 Deep Dive
CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php QloAppsQloApps Medium 5.9 2026-06-02 22:09:19 Deep Dive
CVE-2026-10717 Open-Seachest/Seachest show SCSI Defect List Vulnerability ----2026-06-02 22:06:35 Deep Dive
CVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime Go standard librarymime--2026-06-02 22:01:37 Deep Dive
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto Go standard librarynet/textproto--2026-06-02 22:01:37 Deep Dive
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509 Go standard librarycrypto/x509--2026-06-02 22:01:37 Deep Dive

Frequently Asked Questions

340,000+ CVEs aggregated from NVD and CNNVD, updated daily with AI-generated Chinese translations.

Basic CVE data is completely free. AI PoC generation and premium intelligence features require a Pro or Pro+ subscription.

When a CVE has no public proof-of-concept, Shenlong AI automatically generates exploit code and a technical analysis report based on the vulnerability description and references.

Yes. Shenlong AI has translated NVD English descriptions into Chinese, so you can search CVEs using Chinese keywords directly.