3.7
CVE-2025-68458 - webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF be…
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUri…
8.7
CVE-2025-32393 - AutoGPT has a DoS vulnerability in ReadRSSFeedBlock
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.parser is called to obtain the XML file …
6.5
CVE-2026-0391 - Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
9.8
CVE-2026-24300 - Azure Front Door Elevation of Privilege Vulnerability
Azure Front Door Elevation of Privilege Vulnerability
8.2
CVE-2026-21532 - Azure Function Information Disclosure Vulnerability
Azure Function Information Disclosure Vulnerability
8.6
CVE-2026-24302 - Azure Arc Elevation of Privilege Vulnerability
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network.
5.1
CVE-2026-1970 - Edimax BR-6258n formStaDrvSetup redirect
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vend…
5.3
CVE-2026-1964 - WeKan REST Endpoint boards.js BoardTitleRESTBleed access control
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch na…
3.2
CVE-2026-25815 - LDAP Credentials Decryption via Default Encryption Key in FortiOS 7.6.6
Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instanc…
5.3
CVE-2026-1963 - WeKan Attachment Storage attachments.js MoveStorageBleed access control
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch…