Lucene search
+L

637 matches found

osv
osv
added 2026/05/21 4:46 p.m.8 views

GHSA-VRXG-GM77-7Q5G Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...

9.3CVSS6.1AI score0.00397EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in OVN

A flaw was discovered in Open Virtual Network, where the service monitor MAC does not properly implement rate limiting. This issue could allow an attacker to cause a denial of service, even in deployments with CoPP enabled and properly configured...

5.3CVSS6.4AI score0.00994EPSS
Exploits0References2
f5
f5
added 2026/05/13 1:30 p.m.16 views

K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699

Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...

7.1CVSS5.7AI score0.00277EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 1:28 p.m.18 views

K000159021: iControl SOAP vulnerability CVE-2026-35062

Security Advisory Description An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-35062 Impact A low privileged authenticated remote attacker may be able to obtain information of other local accounts. There is no data plane exposure; this is a control...

7.1CVSS5.7AI score0.00248EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 1:25 p.m.16 views

K000161107: BIG-IP tmsh vulnerability CVE-2026-41217

Security Advisory Description A vulnerability exists in an undisclosed BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands with higher privileges. In Appliance mode deployments, a successful...

8.3CVSS5.8AI score0.00107EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 1:17 p.m.14 views

K000149743: BIG-IP SSL Orchestrator vulnerability CVE-2026-42780

Security Advisory Description A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. CVE-2026-42780 Impact An authenticated attacker with high privilege may exploit this...

6.9CVSS5.8AI score0.00886EPSS
Exploits0Affected Software1
f5
f5
added 2026/05/13 1:14 p.m.16 views

K000156581: iControl REST and tmsh vulnerability CVE-2026-40462

Security Advisory Description Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS Shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. CVE-2026-40462 Impact An authenticated attacker may exploit these vulnerabilities b...

7.1CVSS5.7AI score0.00248EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 1:8 p.m.24 views

K000160863: iControl REST and tmsh vulnerability CVE-2026-39459

Security Advisory Description A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-39459 Impact This vulnerability may allow...

8.6CVSS6AI score0.00257EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:43 p.m.14 views

K000160972: BIG-IP and BIG-IQ privilege escalation vulnerability CVE-2026-32643

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. CVE-2026-32643 Impact This vulnerability may allow...

8.7CVSS5.9AI score0.00156EPSS
Exploits0Affected Software12
f5
f5
added 2026/05/13 12:41 p.m.15 views

K000160971: BIG-IP and BIG-IQ privilege escalation vulnerability CVE-2026-42406

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. CVE-2026-42406 Impact This vulnerability may allow...

8.7CVSS6AI score0.0015EPSS
Exploits0Affected Software12
f5
f5
added 2026/05/13 12:35 p.m.15 views

K000158070: iControl REST vulnerability CVE-2026-28758

Security Advisory Description When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged,...

6.7CVSS5.7AI score0.00083EPSS
Exploits0Affected Software1
f5
f5
added 2026/05/13 12:30 p.m.16 views

K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435

Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...

6.9CVSS5.7AI score0.00228EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:27 p.m.13 views

K35544022: BIG-IP Configuration utility CSRF vulnerability CVE-2026-40703

Security Advisory Description A cross-site request forgery CSRF vulnerability exists in the dashboard of the BIG-IP Configuration utility. CVE-2026-40703 Impact A remote, unauthenticated attacker may exploit this vulnerability by causing an authenticated user to send a crafted request to the BIG-...

5.4CVSS5.6AI score0.00104EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:26 p.m.14 views

K000158971: BIG-IP Appliance mode vulnerability CVE-2026-42919

Security Advisory Description A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. CVE-2026-42919 Impact The vulnerability allows the...

7.1CVSS5.8AI score0.00288EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:25 p.m.14 views

K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455

Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...

8.7CVSS5.7AI score0.003EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:18 p.m.17 views

K000160975: BIG-IP privilege escalation vulnerability CVE-2026-41953

Security Advisory Description A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. CVE-2026-41953 Impact This vulnerability may allow a highly...

8.7CVSS5.5AI score0.00248EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:15 p.m.23 views

K000160903: iControl REST vulnerability CVE-2026-42058

Security Advisory Description An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. CVE-2026-42058 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST...

5.3CVSS5.8AI score0.00187EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:13 p.m.28 views

K000160916: iControl REST vulnerability CVE-2026-41225

Security Advisory Description A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-41225 Impact This vulnerability may allow a highly privileged...

9.1CVSS5.6AI score0.00272EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 12:12 p.m.19 views

K000160979: BIG-IP iControl SOAP vulnerability CVE-2026-40631

Security Advisory Description An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. CVE-2026-40631 Impact This vulnerability may allow a remote, authenticated attacker with Resource...

8.7CVSS5.5AI score0.00248EPSS
Exploits0Affected Software11
f5
f5
added 2026/05/13 11:59 a.m.12 views

K000156761: BIG-IP and BIG-IQ Configuration utility vulnerability CVE-2026-41957

Security Advisory Description An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. CVE-2026-41957 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility throu...

8.8CVSS6.6AI score0.00514EPSS
Exploits0Affected Software12
Rows per page
Query Builder