Latest CVE Feed
-
8.7
HIGHCVE-2025-53474
When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-41430
When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
5.7
MEDIUMCVE-2025-55078
In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-54889
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects... Read more
Affected Products : centreon_web- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-54891
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I... Read more
Affected Products : centreon_web- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-59483
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-59481
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful explo... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-58133
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-59269
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-59268
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) a... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-58132
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
2.1
LOWCVE-2025-62655
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection.This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-62650
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
5.8
MEDIUMCVE-2025-62649
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2025-11925
Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-62511
yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-11911
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11908
A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. ... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-62356
A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt ... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-49655
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s ... Read more
Affected Products : keras- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection