58 matches found

Tenable Nessus
added 2026/02/06 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTPS resolver HttpUriPlugin can be bypasse...

CVSS 3.7 | AI score 5.7 | EPSS 0.00011
Exploits: 1 | References: 4

OSV
added 2026/02/05 11:15 p.m., 0 views

UBUNTU-CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris...

CVSS 3.7 | AI score 7 | EPSS 0.00011
Exploits: 1 | References: 3

Cvelist
added 2026/02/05 11:8 p.m., 30 views

CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVSS 3.7 | EPSS 0.00011
Exploits: 1 | References: 1

OSV
added 2026/02/05 11:8 p.m., 1 view

CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVSS 3.7 | AI score 5.5 | EPSS 0.00011
Exploits: 1 | References: 3

Vulnrichment
added 2026/02/05 11:8 p.m., 1 view

CVE-2025-68157 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 1

CVE
added 2026/02/05 11:8 p.m., 31 views

CVE-2025-68157

Webpack vulnerability CVE-2025-68157 affects the HttpUriPlugin when experiments.buildHttp is enabled. From 5.49.0 through versions before 5.104.0, allowedUris are validated only for the initial URL; redirects (HTTP 30x) are not re-validated, allowing an import restricted to a trusted allow-list t...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/02/05 11:8 p.m., 3 views

CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2026/02/05 6:38 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component. An attacker can cause unauthorized outbound requests to internal or otherwise restricted endpoints and include untrusted content in build outputs by crafting URLs with...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 2

Snyk
added 2026/02/05 6:38 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component. An attacker can cause unauthorized outbound requests to internal or otherwise restricted endpoints and include untrusted content in build outputs by crafting URLs with...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 2

OSV
added 2026/02/05 6:35 p.m., 2 views

GHSA-38R7-794H-5758 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Summary: When experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to...

CVSS 3.7 | AI score 5.7 | EPSS 0.00011
Exploits: 1 | References: 3

Snyk
added 2026/02/05 6:35 p.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untruste...

CVSS 3.7 | AI score 5.4 | EPSS 0.00011
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-2182

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00218
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2009-0325

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.0418
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-5940

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02218
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-5939

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02218
Exploits: 2 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-5938

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.02218
Exploits: 2 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2022-6317

Malicious code in bioql PyPI...

CVSS 4 | AI score 6.1 | EPSS 0.00401
Exploits: 0 | References: 9

F5 Networks
added 2023/02/21 6:14 p.m., 28 views

K22216037: TMM vulnerability CVE-2016-9245

Security Advisory Description: Malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules...

CVSS 5.9 | AI score 6 | EPSS 0.00655
Exploits: 0 | Affected Software: 21

RedHat Linux
added 2023/01/17 11:47 a.m., 2 views

jetty-http: improper hostname input handling

A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario...

CVSS 4 | AI score 7.1 | EPSS 0.00401
Exploits: 0 | References: 5

RedhatCVE
added 2022/08/09 3:36 p.m., 50 views

CVE-2022-2047

A flaw was found in Eclipse Jetty. When parsing the authority segment of an HTTP scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This issue can lead to failures in a Proxy scenario...

CVSS 2.7 | AI score 0.5 | EPSS 0.00401
Exploits: 0 | References: 4