Latest CVE Feed
-
8.7
HIGHCVE-2025-21091
When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more
Affected Products : big-ip_access_policy_manager- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Misconfiguration
-
8.9
HIGHCVE-2025-21087
When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Note: Software versions which have reached End of Techni... Read more
Affected Products : big-ip_access_policy_manager- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Denial of Service
-
8.9
HIGHCVE-2025-20058
When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more
Affected Products : big-ip_access_policy_manager- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-20045
When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminat... Read more
Affected Products : big-ip_access_policy_manager- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-20029
Command injection vulnerability exists in iControl REST and BIG-IP TMOS Shell (tmsh) save command, which may allow an authenticated attacker to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (Eo... Read more
Affected Products : big-ip_access_policy_manager- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2024-7596
Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and... Read more
Affected Products : generic_udp_encapsulation- Published: Feb. 05, 2025
- Modified: Feb. 06, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2024-7595
GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected net... Read more
- Published: Feb. 05, 2025
- Modified: Feb. 06, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2024-56135
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2024-56134
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2024-56133
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2024-56132
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2024-56131
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.... Read more
- Published: Feb. 05, 2025
- Modified: Jul. 31, 2025
-
4.3
MEDIUMCVE-2025-20207
A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential information about ... Read more
- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-20205
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due t... Read more
Affected Products : identity_services_engine- Published: Feb. 05, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-20204
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due t... Read more
Affected Products : identity_services_engine- Published: Feb. 05, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-20185
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate p... Read more
Affected Products : secure_email_and_web_manager asyncos secure_email_gateway secure_email_and_web_manager_virtual_appliance_m100v secure_email_and_web_manager_virtual_appliance_m300v secure_email_and_web_manager_virtual_appliance_m600v secure_email_and_web_manager_m170 secure_email_and_web_manager_m190 secure_email_and_web_manager_m195 secure_email_and_web_manager_m380 +7 more products- Published: Feb. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-20184
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Th... Read more
Affected Products : asyncos secure_email_gateway secure_email_gateway_virtual_appliance_c100v secure_email_gateway_virtual_appliance_c300v secure_email_gateway_virtual_appliance_c600v secure_email_gateway_c195 secure_email_gateway_c395 secure_email_gateway_c695 secure_web_appliance_virtual_s1000v secure_web_appliance_virtual_s100v +5 more products- Published: Feb. 05, 2025
- Modified: Aug. 08, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-20183
A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a maliciou... Read more
- Published: Feb. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-20180
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a u... Read more
Affected Products : secure_email_and_web_manager asyncos secure_email_gateway secure_email_gateway_virtual_appliance_c100v secure_email_gateway_virtual_appliance_c300v secure_email_gateway_virtual_appliance_c600v secure_email_gateway_c195 secure_email_gateway_c395 secure_email_gateway_c695 secure_email_and_web_manager_virtual_appliance_m100v +13 more products- Published: Feb. 05, 2025
- Modified: Aug. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-20179
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-b... Read more
- Published: Feb. 05, 2025
- Modified: Feb. 05, 2025
- Vuln Type: Cross-Site Scripting