Search Results (14133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7796 1 Synacor 1 Zimbra Collaboration Suite 2026-02-18 9.8 Critical
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2025-62616 2 Agpt, Significant-gravitas 2 Autogpt Platform, Autogpt 2026-02-17 9.8 Critical
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library aiohttp.ClientSession().get is used directly to access the URL, but the input URL is not filtered, which will cause SSRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.6.34.
CVE-2025-62615 2 Agpt, Significant-gravitas 2 Autogpt Platform, Autogpt 2026-02-17 9.8 Critical
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the input URL is not filtered, which will cause SSRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.6.34.
CVE-2025-65784 1 Hubert 1 Hub 2026-02-13 6.5 Medium
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
CVE-2025-21385 1 Microsoft 2 Office Purview, Purview 2026-02-13 8.8 High
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
CVE-2025-21312 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2026-02-13 2.4 Low
Windows Smart Card Reader Information Disclosure Vulnerability
CVE-2025-21292 1 Microsoft 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more 2026-02-13 8.8 High
Windows Search Service Elevation of Privilege Vulnerability
CVE-2025-21220 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 7.5 High
Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2025-21299 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 7.1 High
Windows Kerberos Security Feature Bypass Vulnerability
CVE-2025-21288 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Windows COM Server Information Disclosure Vulnerability
CVE-2025-21272 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Windows COM Server Information Disclosure Vulnerability
CVE-2025-21177 1 Microsoft 1 Dynamics 365 Sales 2026-02-13 8.7 High
Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
CVE-2025-29809 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 7.1 High
Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally.
CVE-2025-27474 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-02-13 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-47733 1 Microsoft 2 Power Apps, Power Pages 2026-02-13 9.1 Critical
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network
CVE-2025-29958 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-68157 2 Webpack, Webpack.js 2 Webpack, Webpack 2026-02-13 3.7 Low
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to HTTP(S) URLs outside the allow-list. This is a policy/allow-list bypass that enables build-time SSRF behavior (requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion in build outputs (redirected content is treated as module source and bundled). This issue has been patched in version 5.104.0.
CVE-2025-29830 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29829 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2026-02-13 5.5 Medium
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2025-29959 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-02-13 6.5 Medium
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.