Latest CVE Feed
-
8.8
HIGHCVE-2025-5949
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password chang... Read more
Affected Products :- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-61417
Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their ... Read more
Affected Products : tastyigniter- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-11911
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-43419
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption.... Read more
- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2012-10063
Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowi... Read more
Affected Products : xi- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-55669
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End ... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-59781
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +12 more products- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-58071
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2016-15047
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisti... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-61974
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-61935
When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-60016
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a virtual server, undisclosed traffic can cause the Traffic Management Microke... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2025-48008
When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions whic... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +13 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-53856
When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to t... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-58120
When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-6892
An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative f... Read more
Affected Products : tn-4900_firmware- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2024-13991
Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from t... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2020-36869
Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply ... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-61938
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repe... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service