Search

Expected end of text, found '.' (at char 8), (line:1, col:9)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (332944 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27573 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-27569 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-27251 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-26471 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-25049 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-24524 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-24518 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-24492 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-24321 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-24300 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-22845 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20110 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20107 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20098 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20089 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20078 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20066 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20038 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-20007 2026-02-13 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
CVE-2025-68458 2 Webpack, Webpack.js 2 Webpack, Webpack 2026-02-13 3.7 Low
Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris enforcement relies on a raw string prefix check (e.g., uri.startsWith(allowed)), a URL that looks allow-listed can pass validation while the actual network request is sent to a different authority/host after URL parsing. This is a policy/allow-list bypass that enables build-time SSRF behavior (outbound requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion (the fetched response is treated as module source and bundled). This issue has been patched in version 5.104.1.