Latest CVE Feed
-
8.8
HIGHCVE-2025-12490
Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Netgate pfSense. Authentication is required to exploit this vulnerability. T... Read more
Affected Products : pfsense- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-12161
The Smart Auto Upload Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the auto-image creation functionality in all versions up to, and including, 1.2.0. This makes it possible for authenticated at... Read more
Affected Products :- Published: Nov. 08, 2025
- Modified: Nov. 08, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-61951
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-34517
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that custome... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-61974
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-41113
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.... Read more
Affected Products : canaldenuncia.app- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-41112
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.... Read more
Affected Products : canaldenuncia.app- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-11757
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2020-36869
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply ... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 thro... Read more
Affected Products : external_secrets_operator- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-55669
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End ... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-41068
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The N... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-59781
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +12 more products- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-60016
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microke... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2023-7322
Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the AP... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-61990
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +14 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-58120
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-53856
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to t... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-48008
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions whic... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-41114
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosBy... Read more
Affected Products : canaldenuncia.app- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization