48 matches found

F5 Networks
added 2026/05/13 12:20 p.m. · 9 views

K000160981: iControl REST and tmsh vulnerability CVE-2026-40698

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh), resulting in privilege escalation...

8.7 CVSS · 5.4 AI score · 0.00235 EPSS
Exploits: 0 · Affected Software: 12

F5 Networks
added 2026/05/13 12:12 p.m. · 13 views

K000160979: BIG-IP iControl SOAP vulnerability CVE-2026-40631

Security Advisory Description An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. CVE-2026-40631 Impact This vulnerability may allow a remote, authenticated attacker with Resource...

8.7 CVSS · 5.5 AI score · 0.00248 EPSS
Exploits: 0 · Affected Software: 11

CNNVD
added 2026/05/13 12:00 a.m. · 6 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the possibility for...

8.6 CVSS · 6 AI score · 0.00257 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/05/13 12:00 a.m. · 14 views

PT-2026-40635

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.2 BIG-IP versions prior to 17.5.1.6 BIG-IP versions prior to 21.0.0.2 BIG-IQ versions prior to 17.1.3.2 BIG-IQ versions prior to 17.5.1.6 BIG-IQ versions prior to 21.0.0.2 Description A flaw in BIG-IP and BIG-IQ...

8.7 CVSS · 6 AI score · 0.00156 EPSS
Exploits: 0 · References: 3

CNNVD
added 2026/05/13 12:00 a.m. · 7 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability, which stems from the fact that highly privilege...

9.1 CVSS · 6 AI score · 0.00272 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2026/05/13 12:00 a.m. · 7 views

PT-2026-40642

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description A least privilege violation exists in iControl REST and the TMOS Shell (tmsh). A highly privileged, authenticated attacker...

8.6 CVSS · 6 AI score · 0.00257 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/05/13 12:00 a.m. · 11 views

PT-2026-40660

Name of the Vulnerable Software and Affected Versions iControl REST affected versions not specified Description A flaw in iControl REST allows a highly privileged, authenticated attacker with at least the Manager role to create configuration objects that enable the execution of arbitrary commands...

9.1 CVSS · 6 AI score · 0.00272 EPSS
Exploits: 0 · References: 4

CNNVD
added 2026/05/13 12:00 a.m. · 8 views

F5 BIG-IP Command Injection Vulnerability

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a command injection vulnerability. This vulnerability stems from the fact...

8.7 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits: 0 · References: 1

CNNVD
added 2026/02/27 12:00 a.m. · 6 views

seerr Security Vulnerability

Seerr is an open-source media request and discovery manager developed by the Seerr Team. Versions of Seerr prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/v1/user/:id endpoint, which would return a complete set of configuration objects to any...

6.5 CVSS · 5.8 AI score · 0.00231 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2016-0899

Malware in sbrugna...

9 CVSS · 8.8 AI score · 0.03107 EPSS
Exploits: 0 · References: 3

OSV
added 2023/08/23 4:54 p.m. · 4 views

DRUPAL-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

6.8 AI score
Exploits: 0 · References: 1

Drupal
added 2023/08/23 12:00 a.m. · 12 views

Config Pages - Moderately critical - Information Disclosure - SA-CONTRIB-2023-037

This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...

6.8 AI score
Exploits: 0 · References: 6

OSV
added 2023/05/03 3:15 p.m. · 5 views

CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.1 CVSS · 7.3 AI score · 0.00528 EPSS
Exploits: 0 · References: 2

NVD
added 2023/05/03 3:15 p.m. · 19 views

CVE-2023-28656

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.1 CVSS · 8.2 AI score · 0.00528 EPSS
Exploits: 0 · References: 2

Cvelist
added 2023/05/03 2:34 p.m. · 25 views

CVE-2023-28656 NGINX Management Suite vulnerability

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.1 CVSS · 8.4 AI score · 0.00528 EPSS
Exploits: 0 · References: 2

F5 Networks
added 2023/05/03 12:39 p.m. · 23 views

K000132719: BIG-IQ iControl REST vulnerability CVE-2023-29240

Security Advisory Description An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ system can upload arbitrary files using an undisclosed iControl REST endpoint. CVE-2023-29240 Impact This vulnerability may allow an authenticated attacker with network access to iControl REST to...

5.4 CVSS · 5.6 AI score · 0.00405 EPSS
Exploits: 0 · Affected Software: 1

F5 Networks
added 2023/05/03 12:32 p.m. · 32 views

K000133417: NGINX Management Suite vulnerability CVE-2023-28656

Security Advisory Description NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. CVE-2023-28656 Impact This vulnerability may allow an authenticated attacker to bypass the authorization policy and read or modif...

8.1 CVSS · 8.6 AI score · 0.00528 EPSS
Exploits: 0 · Affected Software: 3

Positive Technologies
added 2023/04/14 12:00 a.m. · 5 views

PT-2023-2758 · Nginx · Nginx Instance Manager +3

Name of the Vulnerable Software and Affected Versions: NGINX Management Suite affected versions not specified NGINX Instance Manager affected versions not specified NGINX API Connectivity Manager affected versions not specified NGINX Security Monitoring affected versions not specified Description...

8.5 CVSS · 8.4 AI score · 0.00528 EPSS
Exploits: 0 · References: 8

CNNVD
added 2021/07/15 12:00 a.m. · 4 views

Icinga Security Vulnerability

Icinga is a scalable server and network resource monitoring system from the German company Icinga. A security vulnerability exists in Icinga that stems from a privilege escalation issue in Icinga from versions 2.4.0 to 2.12.4 that allows authenticated API users. The vulnerability can be exploited...

8.8 CVSS · 7.1 AI score · 0.0114 EPSS
Exploits: 1 · References: 5

CNVD
added 2021/03/10 12:00 a.m. · 9 views

SAP NetWeaver Unauthorized Access Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50, which...

9.6 CVSS · 6.8 AI score · 0.00562 EPSS
Exploits: 0 · References: 1