53 matches found
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "The campaign abused trusted endpoint management infrastructure to deliver malware...
Astra Linux - vulnerability in bluez
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability, as the target must connect...
CVE-2022-23021
On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...
EUVD-2006-7168
Malware in sbrugna...
EUVD-2020-27073
Malware in sbrugna...
EUVD-2018-17317
Malware in sbrugna...
EUVD-2005-2258
Malware in sbrugna...
EUVD-2023-55051
Malicious code in bioql PyPI...
EUVD-2025-3165
Malicious code in bioql PyPI...
EUVD-2022-28132
Malicious code in bioql PyPI...
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
...
CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...
CVE-2024-13060
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
F5 BIG-IP APM Access Profile Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. An access profile vulnerability exists in F5 BIG-IP APM that can be exploited by an attacker to cause the Traffic Management Microkernel (TMM) t...
CVE-2025-23412
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-23412 BIG-IP APM access profile vulnerability
When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-23412
CVE-2025-23412 affects F5 BIG-IP APM: when an APM access profile is configured on a virtual server, undisclosed requests can cause TMM to terminate, yielding DoS on the data plane. Affected releases include BIG-IP APM 17.1.0–17.1.1 (fix in 17.1.2) and 16.1.3–16.1.4 (fix in 16.1.5). CVSSv3.1 base ...
F5 Networks BIG-IP : BIG-IP APM access profile vulnerability (K000141003)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2. It is, therefore, affected by a vulnerability as referenced in the K000141003 advisory. When a BIG-IP APM access profile is configured on a virtual server, undisclosed requests can cause the Traffic...