13373 matches found
CVE-2025-59781 BIG-IP DNS cache vulnerability
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-47150 F5OS SNMP vulnerability
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2025-59781
CVE-2025-59781 affects BIG-IP and BIG-IP Next CNF DNS cache configurations. When DNS cache is enabled on a BIG-IP virtual server, undisclosed DNS queries can cause increased memory utilization, potentially degrading performance or causing DoS via TMM process restart. Affected products include BIG...
CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability
When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...
CVE-2025-47148
CVE-2025-47148 affects BIG-IP with APM/SSL Orchestrator when configured as both SAML SP and IdP with SLO enabled; undisclosed requests can cause memory resource exhaustion, leading to DoS on the BIG-IP data plane. F5’s October 2025 security bundle K000156572 provides fixes across multiple branche...
CVE-2025-11722 Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
UBUNTU-CVE-2025-39998
In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in targetlugpmembersshow function located in...
CVE-2025-39998 scsi: target: target_core_configfs: Add length check to avoid buffer overflow
In the Linux kernel, the following vulnerability has been resolved: scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in targetlugpmembersshow function located in...
Malicious Package
Overview summerfi-typescript-config-security-notice is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview yajusenpai is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE
The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...
[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an iRule containing the HTTP::respond command that could lead to...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...
WordPress plugin Lisfinity Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...
F5 BIG-IP 安全漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that could lead to an increase in memory resource...
F5 F5OS-A和F5 F5OS-C 安全漏洞
F5 F5OS-A and F5 F5OS-C are both products of F5 Corporation, U.S.A. F5 F5OS-A is an operating system software.F5 F5OS-C is an operating system software on VELOS hardware. A security vulnerability exists in F5 F5OS-A and F5 F5OS-C that stems from an undisclosed request that could result in increas...
F5 BIG-IP和F5 BIG-IP Next CNF 安全漏洞
F5 BIG-IP and F5 BIG-IP Next CNF are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and more.F5 BIG-IP Next CNF is a cloud-native network function solution. A securi...
jwt-go allows excessive memory allocation during header parsing
golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...