Latest CVE Feed
-
7.5
HIGH CVE-2024-50595
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious...
- Published: Apr. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Denial of Service
-
7.5
HIGH CVE-2024-50594
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious...
- Published: Apr. 02, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICAL CVE-2025-4447
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts....
Affected Products: openj9
- Published: May. 09, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Memory Corruption
-
8.0
HIGH CVE-2024-33612
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....
Affected Products: big-ip_next_central_manager
- Published: May. 08, 2024
- Modified: Sep. 05, 2025
-
6.0
MEDIUM CVE-2024-23976
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Suppor...
Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products
- Published: Feb. 14, 2024
- Modified: Sep. 05, 2025
-
8.8
HIGH CVE-2024-23603
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
- Published: Feb. 14, 2024
- Modified: Sep. 05, 2025
-
7.2
HIGH CVE-2024-21827
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker...
- Published: Jun. 25, 2024
- Modified: Sep. 05, 2025
-
7.8
HIGH CVE-2024-23306
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Affected Products: big-ip_next_service_proxy_for_kubernetes big-ip_next_cloud-native_network_functions
- Published: Feb. 14, 2024
- Modified: Sep. 05, 2025
-
7.2
HIGH CVE-2024-22389
When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products
- Published: Feb. 14, 2024
- Modified: Sep. 05, 2025
-
6.9
MEDIUM CVE-2024-54138
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequa...
Affected Products: nugetgallery
- Published: Dec. 06, 2024
- Modified: Sep. 05, 2025
-
8.8
HIGH CVE-2025-22130
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2, a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositori...
Affected Products: soft_serve
- Published: Jan. 08, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Path Traversal
-
9.6
CRITICAL CVE-2024-22093
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software vers...
Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products
- Published: Feb. 14, 2024
- Modified: Sep. 05, 2025
-
9.8
CRITICAL CVE-2024-21793
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated....
Affected Products: big-ip_next_central_manager
- Published: May. 08, 2024
- Modified: Sep. 05, 2025
-
5.7
MEDIUM CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built ...
- Published: Aug. 14, 2024
- Modified: Sep. 05, 2025
-
3.3
LOW CVE-2024-51491
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature...
Affected Products: notation-go
- Published: Jan. 13, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Misconfiguration
-
5.9
MEDIUM CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could ...
Affected Products: cloud-init
- Published: Jun. 26, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGH CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potenti...
Affected Products: redis
- Published: Jul. 07, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGH CVE-2025-48367
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10,...
Affected Products: redis
- Published: Jul. 07, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Denial of Service
-
4.8
MEDIUM CVE-2025-55107
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could p...
Affected Products: portal_for_arcgis
- Published: Aug. 21, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUM CVE-2025-55106
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potential...
Affected Products: portal_for_arcgis
- Published: Aug. 21, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Cross-Site Scripting