Latest CVE Feed
-
9.1
CRITICALCVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-53474
When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-41430
When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
5.7
MEDIUMCVE-2025-55078
In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-54889
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects... Read more
Affected Products : centreon_web- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-54891
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects I... Read more
Affected Products : centreon_web- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-59483
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-59481
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful explo... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-58133
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-59269
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-59268
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) a... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-58132
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-61553
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. G... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-6949
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user to create a new administrator account, incl... Read more
Affected Products : tn-4900_firmware- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
9.9
CRITICALCVE-2025-6950
An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens (JWT) used for authentication. This insecure implementation allows an ... Read more
Affected Products : tn-4900_firmware- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2023-28815
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Cent... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current G... Read more
Affected Products : git_large_file_storage- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
4.0
MEDIUMCVE-2024-31573
XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the `wpmudev_appointments` cookie. This allows unauthenticated attackers to inject a PHP Object... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-62652
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS.This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.... Read more
Affected Products :- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting