Lucene search
K

5847 matches found

Nuclei
Nuclei
added 5 hours ago100 views

F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution RCE. The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass...

9.8CVSS7.6AI score0.96515EPSS
Exploits17References5
Nuclei
Nuclei
added yesterday72 views

F5 BIG-IP Appliance Mode - Command Injection

When running in Appliance mode, an authenticated user assigned the Administrator role may bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. id: CVE-2022-41800 info: name: F5 BIG-IP Appliance Mode - Command Injection author: dwisiswant0 severity: high description...

9.8CVSS7.1AI score0.99956EPSS
Exploits70References5
Nuclei
Nuclei
added 3 days ago77 views

F5 iControl REST - Remote Command Execution

F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...

10CVSS7.2AI score0.99898EPSS
Exploits20References5
F5 Networks
F5 Networks
added 2026/07/02 8:45 a.m.14 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
OSV
OSV
added 2026/06/30 1:30 p.m.3 views

MINI-H48X-F5XV-6PR5

Bulletin has no description...

8.6CVSS6.6AI score0.00273EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.8 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.155 views

F5 BIG-IP iControl - REST Auth Bypass RCE

F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication. id: CVE-2022-1388 info: name: F5 BIG-IP...

9.8CVSS8.7AI score0.99956EPSS
Exploits63References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.52 views

F5 BIG-IP TMUI - Remote Code Execution

F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface TMUI, also referred to as the Configuration utility, has a Remote Code Execution RCE vulnerability in undisclosed pages. id: CVE-2020-5902 info: name: ...

10CVSS7.9AI score0.99999EPSS
Exploits60References12
Imperva Blog
Imperva Blog
added 2026/06/15 8:58 a.m.28 views

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.6AI score0.00393EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/04 12:16 a.m.8 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-10783 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-10783 Source advisory: SNYK:PYTHON-GRADIO-17146861...

2.5CVSS5.7AI score0.00106EPSS
Exploits1
NVD
NVD
added 2026/06/01 7:16 p.m.14 views

CVE-2026-43624

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS0.00393EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 6:16 p.m.36 views

CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS0.00393EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 6:16 p.m.10 views

CVE-2026-43624 F5-TTS 1.1.20 Path Traversal via finetune_gradio.py create_data_project()

F5-TTS through version 1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized user-supplied project names directly to os.path.join without validating the resulting path stays within the...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 6:16 p.m.28 views

CVE-2026-43624

F5-TTS up to v1.1.20 contains a path traversal vulnerability in the finetune Gradio handlers that allows unauthenticated attackers to write arbitrary files by passing unsanitized project names to os.path.join() without validating the resulting path. An attacker can supply absolute paths (e.g., /t...

8.8CVSS5.9AI score0.00393EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/27 5:34 p.m.8 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

7.6CVSS5.7AI score0.0035EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

F5 Networks BIG-IP : BIG-IP SSL vulnerability (K000158082)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000158082 advisory. When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition VE without Intel...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.8 views

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000156581)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000156581 advisory. Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS Shell tmsh undisclosed...

7.1CVSS5.9AI score0.00248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.11 views

F5 Networks BIG-IP : Appliance mode iControl REST vulnerability (K000160876)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160876 advisory. When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able ...

8.7CVSS5.8AI score0.0048EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.12 views

F5 Networks BIG-IP : iControl REST vulnerability (K000160903)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160903 advisory. An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information le...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References2
Rows per page
Query Builder