Latest CVE Feed
-
8.7
HIGHCVE-2025-54858
When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. Note... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-55036
When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) ar... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-61935
When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGH- Published: Oct. 09, 2025
- Modified: Oct. 17, 2025
-
8.7
HIGHCVE-2025-59964
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is ... Read more
Affected Products : junos- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-62427
The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, ... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Server-Side Request Forgery
-
8.7
HIGHCVE-2025-10150
Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31... Read more
- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-59478
When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Supp... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-1036
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root ... Read more
Affected Products : tropos_4th_gen- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2012-10063
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowi... Read more
Affected Products : xi- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-61779
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-34518
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends that customer... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-48008
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions whic... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-53521
When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-10552
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more
Affected Products : 3dexperience- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisti... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-46706
When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-53474
When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-36869
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply ... Read more
Affected Products : xi- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-11573
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this ... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service