6.9
CVE-2026-1972 - Edimax BR-6208AC auth_check_userpass2 default credentials
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The exploit has been made public and could be use…
4.8
CVE-2026-1971 - Edimax BR-6288ACL wiz_WISP24gmanual.asp wiz_WISP24gmanual cross site scripting
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public…
4.2
CVE-2026-0598 - Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context…
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access …
7.6
CVE-2025-70963 -
Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context.
5.3
CVE-2026-23623 - Collabora Online vulnerable to Authorization Bypass
Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no download privileges can obtain …
3.7
CVE-2025-68157 - webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that a…
3.7
CVE-2025-68458 - webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF be…
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUri…
8.7
CVE-2025-32393 - AutoGPT has a DoS vulnerability in ReadRSSFeedBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.parser is called to obtain the XML file …
6.5
CVE-2026-0391 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
9.8
CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability
Azure Front Door Elevation of Privilege Vulnerability