Miggo at RSAC 2026!

Miggo Logo

Miggo Predictive Vulnerability Database

Comprehensive vulnerability intelligence for security teams to gain clarity into CVEs to prioritize and respond with precision.

Concerned about an active attack path? Talk to our security experts and see Miggo in action

Contact UsArrow Right
Hero Image
New Vulnerabilities

Top 10 CVEs

CVE-2025-29927

9.1
critical
Authorization Bypass in Next.js Middleware
Public FixFix Available
-
Vulnerable Functions3 Vulnerable Functions
Published
3/21/2025
Updated
3/2/2026

CVE-2021-44228

10
critical
Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
12/10/2021
Updated
2/20/2026

CVE-2025-1974

9.8
critical
ingress-nginx admission controller RCE escalation
Public FixNo Fix
-
Vulnerable Functions2 Vulnerable Functions
Published
3/25/2025
Updated
2/4/2026

CVE-2025-55182

10
critical
React Server Components are Vulnerable to RCE
Public FixFix Available
-
Vulnerable Functions7 Vulnerable Functions
Published
12/3/2025
Updated
12/3/2025

CVE-2025-3248

9.8
critical
Langflow Vulnerable to Code Injection via the `/api/v1/validate/code` endpoint
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
4/7/2025
Updated
4/10/2025

CVE-2025-24813

9.8
critical
Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
3/10/2025
Updated
3/19/2025

CVE-2023-50164

9.8
critical
Apache Struts vulnerable to path traversal
Public FixFix Available
-
Vulnerable Functions4 Vulnerable Functions
Published
12/7/2023
Updated
2/13/2025

CVE-2024-27348

9.8
critical
Apache HugeGraph-Server: Command execution in gremlin
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
4/22/2024
Updated
2/13/2025

CVE-2022-22965

9.8
critical
Remote Code Execution in Spring Framework
Public FixFix Available
KEV Listed
Vulnerable Functions2 Vulnerable Functions
Published
3/31/2022
Updated
1/29/2025

CVE-2024-53677

9.5
critical
Apache Struts file upload logic is flawed
Public FixFix Available
-
Vulnerable Functions2 Vulnerable Functions
Published
12/11/2024
Updated
1/3/2025
New Vulnerabilities

New vulnerabilities last 30 days

CVE-2026-30860: WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
WeKnora AI Database Query Tool RCE via SQLi bypass executes arbitrary code by smuggling PostgreSQL functions inside uninspected ArrayExpr and RowExpr nodes.
Miggo AI
Analysis:
Available
9.9
critical
3/7/2026
CVE-2026-30859: WeKnora: Broken Access Control - Cross-Tenant Data Exposure
WeKnora broken access control in its database query tool grants authenticated tenants cross-tenant data exposure via SQL queries lacking tenant isolation.
Miggo AI
Analysis:
Available
5.3
medium
3/7/2026
CVE-2026-30858: WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources
WeKnora web_fetch tool DNS Rebinding SSRF bypasses validation via TOCTOU, letting attackers access internal services and cloud metadata with a malicious domain.
Miggo AI
Analysis:
Available
6.5
medium
3/7/2026
CVE-2026-30855: WeKnora: Broken Access Control in Tenant Management
WeKnora tenant management API auth bypass grants attackers cross-tenant account takeover, data theft, and deletion via insecure direct object references.
Miggo AI
Analysis:
Available
8.8
high
3/7/2026