Tables app allows limited SQLi in ORDER BY with malicious sort order argument for Table Views

None...

K000160981: iControl REST and tmsh vulnerability CVE-2026-40698

Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell tmsh resulting in privilege escalation...

K000160901: BIG-IP DTLS vulnerability CVE-2026-42920

Security Advisory Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-42920 Impact Traffic is disrupted while the TMM process restarts. This...

K000160975: BIG-IP privilege escalation vulnerability CVE-2026-41953

Security Advisory Description A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. CVE-2026-41953 Impact This vulnerability may allow a highly...

K000161023: BIG-IP SIP profile vulnerability CVE-2026-40423

Security Advisory Description When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-40423 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote, unauthenticated...

K000160903: iControl REST vulnerability CVE-2026-42058

Security Advisory Description An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. CVE-2026-42058 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST...

K000161040: BIG-IP scripted monitor vulnerability CVE-2026-32673

Security Advisory Description A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allo...

K000160916: iControl REST vulnerability CVE-2026-41225

Security Advisory Description A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-41225 Impact This vulnerability may allow a highly privileged...

K000160979: BIG-IP iControl SOAP vulnerability CVE-2026-40631

Security Advisory Description An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. CVE-2026-40631 Impact This vulnerability may allow a remote, authenticated attacker with Resource...

K000160926: BIG-IP iControl SOAP vulnerability CVE-2026-42924

Security Advisory Description An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. CVE-2026-42924 Impact This vulnerability may allow a remote, authenticated attacker with...

K000160945: BIG-IP DNS Cache vulnerability CVE-2026-39458

Security Advisory Description When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-39458 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows...

K000160911: Appliance mode iControl REST vulnerability CVE-2026-24464

Security Advisory Description When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files. CVE-2026-24464 Impact In...

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system. CVE-2026-42930 Impact An authenticated attacker with local system access and the Administrator role may be...

K000156761: BIG-IP and BIG-IQ Configuration utility vulnerability CVE-2026-41957

Security Advisory Description An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. CVE-2026-41957 Impact This vulnerability may allow an authenticated attacker with network access to the Configuration utility throu...

Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...

Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes google.protobuf, which could cause denial-of-service DoS vulnerability. CVE-2026-0994. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict ...

Security Bulletin: Vulnerabilities in Hugging Face Transformers bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes the Hugging Face Transformers library, which could allow a remote attacker to execute arbitrary code on affected installations. These vulnerabilities exist due to the lack of proper validation of user-supplied data during the...

Security Bulletin: Vulnerability in DiskCache with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage includes DiskCache python-diskcache. Following vulnerability can achieve arbitrary code execution. CVE-2025-69872. Vulnerability Details CVEID:CVE-2025-69872 DESCRIPTION: DiskCache python-diskcache through 5.6.3 uses Python...

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low ...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-sh No race. No offsets. No prebuilt binary to blin...