
80 matches found

CVE
added 2025/10/15 1:55 p.m., 17 views

CVE-2025-61960

CVE-2025-61960 affects BIG-IP APM portal access. When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can trigger a NULL-pointer/related issue in TMM, causing the Traffic Management Microkernel (TMM) to terminate. This is a data-plane DoS risk ...

CVSS: 8.7, AI score: 6.4, EPSS: 0.00317
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/10/15 1:55 p.m., 10 views

CVE-2025-61960 BIG-IP APM portal access vulnerability

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 8.7, EPSS: 0.00317
Exploits: 0, References: 1

CNNVD
added 2025/10/15 12:00 a.m., 11 views

F5 BIG-IP code issue vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A code issue vulnerability exists in F5 BIG-IP that stems from the configuration of a per-request policy where undisclosed traffic could cause...

CVSS: 8.7, AI score: 6.6, EPSS: 0.00317
Exploits: 0, References: 1

Tenable Nessus
added 2025/10/15 12:00 a.m., 3 views

F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K000156597)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156597 advisory. When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffi...

CVSS: 8.7, AI score: 5.6, EPSS: 0.00317
Exploits: 0, References: 2

NVD
added 2025/10/10 8:15 p.m., 5 views

CVE-2025-61925

Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation. It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such, a malicious reque...

CVSS: 6.5, EPSS: 0.00386
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/18 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-41125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01196
Exploits: 0, References: 2

OSV
added 2025/04/15 9:21 p.m., 3 views

GHSA-HF3C-WXG2-49Q9 vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact: This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3 The xgrammar library is the default backend used by vLLM to support...

CVSS: 6.5, AI score: 5.9
Exploits: 0, References: 5

OSV
added 2025/01/11 1:15 p.m., 6 views

AZL-62684 CVE-2024-57804 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00176
Exploits: 0, References: 1

Positive Technologies
added 2024/12/04 12:00 a.m., 9 views

PT-2025-3582

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the scsi: mpi3mr driver. The driver exposes a sysfs interface to enable or disable PHYs in a controller/expander setup...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00176
Exploits: 0

OSV
added 2024/08/23 3:15 p.m., 2 views

UBUNTU-CVE-2024-43791

RequestStore provides per-request global storage for Rack. The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not...

CVSS: 7.8, AI score: 6, EPSS: 0.00194
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 3:37 a.m., 1 views

SUSE CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 7.7, EPSS: 0.01196
Exploits: 0, References: 3

OSV
added 2021/10/06 6:15 p.m., 2 views

DEBIAN-CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01196
Exploits: 0, References: 1

UbuntuCve
added 2021/10/06 6:15 p.m., 16 views

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 6.9, EPSS: 0.01196
Exploits: 0, References: 6

PyPA
added 2021/10/06 6:15 p.m., 5 views

PYSEC-2021-363

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01196
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2021/10/06 6:15 p.m., 3 views

CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 6.9, EPSS: 0.01196
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2021/10/06 6:15 p.m., 2 views

UBUNTU-CVE-2021-41125

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

CVSS: 6.5, AI score: 5.8, EPSS: 0.01196
Exploits: 0, References: 7

PyPA
added 2021/10/05 9:15 p.m., 4 views

PYSEC-2021-364

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware (i.e. the http_user and http_pass spider attributes) for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01077
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/05/10 3:22 p.m., 2 views

GHSA-GQ28-H5VG-8PRX Privilege escalation in spring security

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request. A malicious user cannot cause the bug to happen; it must be programmed in...

CVSS: 8.8, AI score: 6.9, EPSS: 0.03197
Exploits: 0, References: 19

OSV
added 2018/07/25 2:29 p.m., 2 views

CVE-2018-5536

A remote attacker, via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module...

CVSS: 7.5, AI score: 5.8, EPSS: 0.02355
Exploits: 0, References: 2

UbuntuCve
added 2017/11/28 12:00 a.m., 28 views

CVE-2017-15119

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from...

CVSS: 8.6, AI score: 6.8, EPSS: 0.03325
Exploits: 0, References: 3