Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server EMS deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...

CVE-2022-23021

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...

EUVD-2005-2258

Malware in sbrugna...

EUVD-2006-7168

Malware in sbrugna...

EUVD-2018-17317

Malware in sbrugna...

EUVD-2020-27073

Malware in sbrugna...

EUVD-2023-55051

Malicious code in bioql PyPI...

EUVD-2022-28132

Malicious code in bioql PyPI...

EUVD-2025-3165

Malicious code in bioql PyPI...

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

...

CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'

The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'changerolemember' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...

The vulnerability of the Access profile component of the access control and remote authentication solution BIG-IP Access Policy Manager allows a perpetrator to trigger a service failure.

The vulnerability of the Access profile component of the BIG-IP Access Policy Manager access control and remote authentication system lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to cause service...

CVE-2024-13060

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...

F5 BIG-IP APM Access Profile Vulnerability

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. An access profile vulnerability exists in F5 BIG-IP APM that can be exploited by an attacker to cause the Traffic Management Microkernel TMM t...

CVE-2025-23412

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-23412

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-23412 BIG-IP APM access profile vulnerability

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-23412

CVE-2025-23412 affects F5 BIG-IP APM: when an APM access profile is configured on a virtual server, undisclosed requests can cause TMM to terminate, yielding DoS on the data plane. Affected releases include BIG-IP APM 17.1.0–17.1.1 (fix in 17.1.2) and 16.1.3–16.1.4 (fix in 16.1.5). CVSSv3.1 base ...

CVE-2025-23412 BIG-IP APM access profile vulnerability

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2025-5735

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP affected versions not specified Description: When the BIG-IP APM Access Profile is configured on a virtual server, an undisclosed request can cause the TMM to terminate. Software versions that have reached the End of Technical Suppo...