Lucene search
K

10759 matches found

RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.4 views

CVE-2025-62615

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

9.8CVSS5.3AI score0.00357EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/06 1:25 a.m.4 views

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.8CVSS5.3AI score0.00338EPSS
Exploits1References1
NVD
NVD
added 2026/02/05 11:15 p.m.5 views

CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

3.7CVSS0.002EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 11:15 p.m.4 views

DEBIAN-CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...

3.7CVSS5.3AI score0.002EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/02/05 11:15 p.m.6 views

CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...

3.7CVSS6.9AI score0.002EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/02/05 11:15 p.m.4 views

CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

3.7CVSS6.9AI score0.002EPSS
Exploits1References2
OSV
OSV
added 2026/02/05 11:15 p.m.4 views

UBUNTU-CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

3.7CVSS7AI score0.002EPSS
Exploits1References3
OSV
OSV
added 2026/02/05 11:8 p.m.5 views

CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

3.7CVSS5.5AI score0.002EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/05 11:8 p.m.6 views

EUVD-2025-206877

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...

3.7CVSS5.3AI score0.002EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/05 11:8 p.m.4 views

CVE-2025-68458 webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo username:password@host. If allowedUris...

3.7CVSS5.4AI score0.002EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:35 p.m.3 views

GHSA-38R7-794H-5758 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Summary When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...

3.7CVSS5.7AI score0.002EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/04 10:28 p.m.4 views

CVE-2025-62616

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession.get is used directly to access the URL, b...

9.3CVSS5.3AI score0.00338EPSS
Exploits1References2
CVE
CVE
added 2026/02/04 5:10 p.m.20 views

CVE-2026-22247

CVE-2026-22247 affects GLPI (versions 11.0.0 through

9.1CVSS5.3AI score0.00317EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.121 views

IBM WebSphere HCL Digital Experience - Server-Side Request Forgery

IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. id: CVE-2021-27748 info: name: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery author: pdteam severity: high description: | IBM WebSphere HCL...

5.6AI score
Exploits0References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.7 views

Astro - Broken Access Control

Astro 2.16.0 to 5.15.5 contains a broken access control caused by insecure use of unsanitized x-forwarded-proto and x-forwarded-port headers in URL building, letting attackers bypass middleware protection, cause DoS, SSRF, and URL pollution, exploit requires crafted headers. id: CVE-2025-64525...

6.5CVSS5.3AI score0.01088EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.8 views

Memos 0.13.2 - Cross-Site Scripting & SSRF

An SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. id: CVE-2024-29029...

6.1CVSS5.9AI score0.0108EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-5900

Name of the Vulnerable Software and Affected Versions Tiny File Manager versions through 2.6 Description The software contains a server-side request forgery SSRF issue in the URL upload feature. Insufficient validation of user-supplied URLs allows an attacker to send crafted requests to localhost...

4.3CVSS5.4AI score0.00255EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-21945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...

7.5CVSS6.1AI score0.00864EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2026-1141)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar...

7.5CVSS6.7AI score0.0067EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2026-1192)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar...

7.5CVSS6.7AI score0.0067EPSS
Exploits0References6
Rows per page
Query Builder