CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

170 matches found

EUVD•added 2026/05/13 6:30 p.m.•6 views

EUVD-2026-29959

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS5.8AI score0.00012EPSS

Exploits0References2

Vulnrichment•added 2026/05/13 2:12 p.m.•3 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

6.7CVSS5.8AI score0.00012EPSS

Exploits0References1

Cvelist•added 2026/05/13 2:12 p.m.•22 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

6.7CVSS0.00012EPSS

Exploits0References1

ATTACKERKB•added 2026/05/13 2:12 p.m.•2 views

CVE-2026-28758

6.7CVSS5.8AI score0.00012EPSS

Exploits0References2Affected Software1

F5 Networks•added 2026/05/13 12:35 p.m.•7 views

K000158070: iControl REST vulnerability CVE-2026-28758

Security Advisory Description When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged,...

6.7CVSS5.7AI score0.00012EPSS

Exploits0Affected Software30

CNNVD•added 2026/05/13 12:0 a.m.•5 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IP has a security vulnerability. This vulnerability stems from the fact that the...

6.7CVSS5.8AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:19 a.m.•4 views

CVE-2021-22982

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

7.2CVSS7.2AI score0.00434EPSS

Exploits0References1

OSSF Malicious Packages•added 2025/10/30 5:38 p.m.•2 views

Malicious code in epic-gtm-url-checker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8b3b6ddfbd2862202921c64ea326689bcf031a2b9580b6bba61e9598f6cc1586 The package epic-gtm-url-checker was found to contain malicious code...

7AI score

Exploits0

EUVD•added 2025/10/30 5:38 p.m.•0 views

EUVD-2025-37138

Malicious code in epic-gtm-url-checker npm...

6.6AI score

Exploits0

OSV•added 2025/10/30 5:38 p.m.•1 views

MAL-2025-49155 Malicious code in epic-gtm-url-checker (npm)

7AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-10100

Malware in sbrugna...

7.2CVSS7.1AI score0.00434EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-9072

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.00233EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-11458

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00152EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-51502

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00286EPSS

Exploits0References1

OSV•added 2025/07/31 7:32 p.m.•1 views

MAL-2025-6424 Malicious code in intercom-gtm-js (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score

Exploits0

RedhatCVE•added 2025/05/23 10:37 a.m.•6 views

CVE-2024-8712

The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6.4AI score0.01829EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:50 a.m.•2 views

CVE-2024-11338

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4CVSS5AI score0.00196EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:52 p.m.•5 views

CVE-2022-23013

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute...

8.8CVSS5.7AI score0.00759EPSS

Exploits0References1

RedhatCVE•added 2025/04/26 6:22 a.m.•2 views

CVE-2025-3736

Vulnerability in Drupal Simple GTM.This issue affects Simple GTM:...

5.9CVSS7AI score0.00152EPSS

Exploits0References3