27 matches found

EUVD
added 2026/05/13 6:30 p.m., 3 views

EUVD-2026-29970

When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell tmsh command that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In Appliance mode...

CVSS 8.7; AI score 5.9; EPSS 0.00073
Exploits: 0; References: 2

CVE
added 2026/05/13 2:12 p.m., 8 views

CVE-2026-42937

CVE-2026-42937 affects BIG-IP and BIG-IQ, with incorrect permission assignments in TMOS Shell (tmsh) for arp/ndp and in iControl REST. An authenticated attacker can view adjacent network information via remote iControl REST or local tmsh, a purely control-plane issue with no data-plane exposure. ...

CVSS 7.1; AI score 5.8; EPSS 0.00051
Exploits: 0; References: 1

Vulnrichment
added 2026/05/13 2:12 p.m., 5 views

CVE-2026-40462 iControl REST and tmsh vulnerability

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVSS 7.1; AI score 5.8; EPSS 0.00063
Exploits: 0; References: 1

CVE
added 2026/05/13 2:12 p.m., 7 views

CVE-2026-41954

CVE-2026-41954 affects F5 BIG-IP/iControl REST and tmsh. An authenticated resource administrator can view sensitive information via crafted requests (remote iControl REST or local tmsh). The F5 advisory lists affected branches: BIG-IP 21.x (vulnerable at 21.0.0; fix 21.0.0.1), 17.x (various sub-b...

CVSS 6.9; AI score 5.8; EPSS 0.0007
Exploits: 0; References: 1

F5 Networks
added 2026/05/13 1:43 p.m., 15 views

K000160932: Quarterly Security Notification (May 2026)

Security Advisory Description: On May 13, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can watch t...

CVSS 9.2; AI score 6.1; EPSS 0.00897
Exploits: 33; Affected Software: 30

F5 Networks
added 2026/05/13 12:00 p.m., 11 views

K000160876: Appliance mode iControl REST vulnerability CVE-2026-42930

Security Advisory Description: When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions on a BIG-IP system (CVE-2026-42930). Impact: An authenticated attacker with local system access and the Administrator role may be...

CVSS 8.7; AI score 5.8; EPSS 0.00036
Exploits: 0; Affected Software: 30

RedHat Linux
added 2026/02/05 2:43 p.m., 3 views

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

CVSS 7.5; AI score 5.8; EPSS 0.00024
Exploits: 0; References: 4

vulnersOsv
added 2026/01/07 6:09 p.m., 3 views

ai.wanaku:cli (>=0.0.1 <=0.0.5), ai.wanaku:jbang (>=0.0.4 <=0.0.5) +296 more potentially affected by CVE-2025-66560 via io.quarkus:quarkus-rest (>=3.10.0 <=3.20.4)

io.quarkus:quarkus-rest MAVEN version =3.10.0, =0.0.1, =0.0.4, =0.0.1, =0.0.1, =0.0.1, =3.15.3, =3.15.3, =0.2.0.0, =0.4.8.0, =1.2.1, =1.2.2, =1.2.1, =1.2.2, =1.2.1, =1.2.2, =1.2.3 and more Source cves: CVE-2025-66560 Source advisory: OSV:GHSA-5RFX-CP42-P624...

CVSS 7.5; AI score 5.8; EPSS 0.00024
Exploits: 0

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-5853

Malicious code in bioql PyPI...

CVSS 6.5; AI score 6.6; EPSS 0.00384
Exploits: 0; References: 6

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-2099

Malicious code in bioql PyPI...

CVSS 8.3; AI score 8; EPSS 0.00049
Exploits: 0; References: 11

Tenable Nessus
added 2025/09/02 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

CVSS 9.8; AI score 8.2; EPSS 0.00214
Exploits: 0; References: 2

RedhatCVE
added 2025/05/23 10:27 a.m., 7 views

CVE-2024-42463

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data. This issue affects upKeeper Manager: through 5.1.9...

CVSS 8.6; AI score 6.9; EPSS 0.00112
Exploits: 0

Vulnrichment
added 2025/02/13 1:26 p.m., 7 views

CVE-2025-1247 Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information...

CVSS 8.3; AI score 6.8; EPSS 0.00049
Exploits: 0; References: 6

Cvelist
added 2024/11/21 2:06 a.m., 24 views

CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass

The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...

CVSS 4.2; EPSS 0.00039
Exploits: 0; References: 2

OSV
added 2024/04/10 5:15 a.m., 2 views

CVE-2024-2428

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...

CVSS 4.7; AI score 7.3
Exploits: 0; References: 1

Tenable Nessus
added 2024/02/14 12:00 a.m., 25 views

F5 Networks BIG-IP : BIG-IP iControl REST vulnerability (K000137522)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137522 advisory. - When running in appliance mode, an authenticated remote command injection vulnerability exists in an...

CVSS 8.7; AI score 7.1; EPSS 0.00323
Exploits: 0; References: 2

Cvelist
added 2023/09/12 3:21 p.m., 10 views

CVE-2023-34469 Cold Rest Vulnerabiltiy

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality...

CVSS 4.9; AI score 5.2; EPSS 0.00069
Exploits: 0; References: 1

Vulnrichment
added 2023/09/12 3:21 p.m., 15 views

CVE-2023-34469 Cold Rest Vulnerabiltiy

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality...

CVSS 4.9; AI score 6.6; EPSS 0.00069
Exploits: 0; References: 1

Vulnrichment
added 2022/10/19 9:19 p.m., 5 views

CVE-2022-41617 BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface...

CVSS 7.2; AI score 7.3; EPSS 0.04435
Exploits: 0; References: 1

GithubExploit
added 2022/05/12 4:54 p.m., 311 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 F5 BIG-IP iControl REST vulnerability RCE exploi...

CVSS 9.8; AI score 10; EPSS 0.94456
Exploits: 63