Skip to main content
CVE-2025-68458 LOW POC PATCH Monitor

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). [CVSS 3.7 LOW]

SSRF Webpack
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-68157 LOW POC PATCH Monitor

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. [CVSS 3.7 LOW]

SSRF Webpack
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2020-37148 LOW POC Monitor

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. [CVSS 3.5 LOW]

XSS
NVD Exploit-DB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2020-37118 LOW POC Monitor

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. [CVSS 3.5 LOW]

CSRF
NVD Exploit-DB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-1970 LOW POC Monitor

A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products t...

Open Redirect
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15323 LOW Monitor

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. [CVSS 3.7 LOW]

Authentication Bypass Tanos
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-25815 LOW Monitor

Fortinet FortiOS versions up to 7.6.6 contains a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).

Fortinet Fortigate LDAP
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-15289 LOW Monitor

Tanium addressed an improper access controls vulnerability in Interact. [CVSS 3.1 LOW]

Authentication Bypass Interact
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-15321 LOW Monitor

Tanium addressed an improper input validation vulnerability in Tanium Appliance. [CVSS 2.7 LOW]

Privilege Escalation Tanos
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-1517 LOW Monitor

SQL injection in iomad's Company Admin Block component through version 5.0 allows remote attackers with high privileges to manipulate backend queries and gain unauthorized access to sensitive data. The vulnerability requires administrator credentials to exploit but enables attackers to read, modify, or delete database contents within the application's security context. No patch is currently available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy