CVE-2026-8074 Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

CVE-2026-41225

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39459

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-27768

CVE-2026-27768 is a SQL Injection vulnerability affecting the Access Manager role. The CVSS 3.1 vector (NETWORK, HIGH complexity, HIGH privileges required, NONE user interaction) yields a base score of 6.6 (MEDIUM). The provided documents do not specify affected products/versions beyond attributi...

EUVD-2026-31705

SQL Injection affecting the Access Manager role...

CVE-2026-27768

SQL Injection affecting the Access Manager role...

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...

F5 Networks BIG-IP : iControl REST vulnerability (K000160916)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160916 advisory. A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at leas...

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

EUVD-2026-29986

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2026-29961

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

EUVD-2026-29968

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-41225

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-39459

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-32643

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-41225

CVE-2026-41225 affects F5 BIG-IP iControl REST. A highly privileged, authenticated user (Manager) can create configuration objects that execute arbitrary commands. Impact is control-plane–level: privilege escalation and possible cross-boundary access in appliances; data plane remains unaffected p...

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39459

CVE-2026-39459 affects BIG-IP products via iControl REST and the TMOS Shell (tmsh). An authenticated attacker with at least the Manager role over the network can create configuration objects that enable execution of arbitrary commands on the system. The F5 advisory lists affected branches and vul...

CVE-2026-39459 iControl REST and tmsh vulnerability

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...