13373 matches found

Vulnrichment
added 2025/10/15 1:55 p.m., 3 views

CVE-2025-59781 BIG-IP DNS cache vulnerability

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7, AI score 6.4, EPSS 0.00317
Exploits: 0, References: 1

Vulnrichment
added 2025/10/15 1:55 p.m., 4 views

CVE-2025-47150 F5OS SNMP vulnerability

When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.1, AI score 6.5, EPSS 0.00347
Exploits: 0, References: 1

CVE
added 2025/10/15 1:55 p.m., 26 views

CVE-2025-59781

CVE-2025-59781 affects BIG-IP and BIG-IP Next CNF DNS cache configurations. When DNS cache is enabled on a BIG-IP virtual server, undisclosed DNS queries can cause increased memory utilization, potentially degrading performance or causing DoS via TMM process restart. Affected products include BIG...

CVSS 8.7, AI score 6.4, EPSS 0.00317
Exploits: 0, References: 1, Affected Software: 21

Vulnrichment
added 2025/10/15 1:55 p.m., 4 views

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVSS 7.1, AI score 6.4, EPSS 0.00357
Exploits: 0, References: 1

Cvelist
added 2025/10/15 1:55 p.m., 8 views

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVSS 7.1, EPSS 0.00357
Exploits: 0, References: 1

CVE
added 2025/10/15 1:55 p.m., 15 views

CVE-2025-47148

CVE-2025-47148 affects BIG-IP with APM/SSL Orchestrator when configured as both SAML SP and IdP with SLO enabled; undisclosed requests can cause memory resource exhaustion, leading to DoS on the BIG-IP data plane. F5’s October 2025 security bundle K000156572 provides fixes across multiple branche...

CVSS 7.1, AI score 6.4, EPSS 0.00357
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2025/10/15 8:25 a.m., 8 views

CVE-2025-11722 Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 7.5, EPSS 0.00584
Exploits: 0, References: 3

OSV
added 2025/10/15 8:15 a.m., 3 views

UBUNTU-CVE-2025-39998

In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow. A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in...

AI score 6.1, EPSS 0.00235
Exploits: 0, References: 33

OSV
added 2025/10/15 7:58 a.m., 2 views

CVE-2025-39998 scsi: target: target_core_configfs: Add length check to avoid buffer overflow

In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow. A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in...

AI score 7, EPSS 0.00235
Exploits: 0, References: 12

Snyk
added 2025/10/15 6:4 a.m., 1 views

Malicious Package

Overview: summerfi-typescript-config-security-notice is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2

Snyk
added 2025/10/15 1:59 a.m., 2 views

Malicious Package

Overview: yajusenpai is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8, AI score 6.8
Exploits: 0, References: 2

Vulnrichment
added 2025/10/15 1:23 a.m., 6 views

CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution of...

CVSS 9.3, AI score 7.8, EPSS 0.00436
Exploits: 0, References: 5

Fedora
added 2025/10/15 1:1 a.m., 9 views

[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.8-1.fc42

The mirrorlist-server uses the data created by MirrorManager2 (https://github.com/fedora-infra/mirrormanager2) to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...

CVSS 5.9, AI score 6.9, EPSS 0.0038
Exploits: 0

CNNVD
added 2025/10/15 12:0 a.m., 3 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an iRule containing the HTTP::respond command that could lead to...

CVSS 8.7, AI score 6.6, EPSS 0.00394
Exploits: 0, References: 1

CNNVD
added 2025/10/15 12:0 a.m., 3 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...

CVSS 8.7, AI score 6.6, EPSS 0.0042
Exploits: 0, References: 1

CNNVD
added 2025/10/15 12:0 a.m., 4 views

WordPress plugin Lisfinity Core security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

CVSS 7.3, AI score 7, EPSS 0.00208
Exploits: 0, References: 3

CNNVD
added 2025/10/15 12:0 a.m., 4 views

F5 BIG-IP security vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that could lead to an increase in memory resource...

CVSS 7.1, AI score 6.4, EPSS 0.00357
Exploits: 0, References: 2

CNNVD
added 2025/10/15 12:0 a.m., 5 views

F5 F5OS-A and F5 F5OS-C security vulnerability

F5 F5OS-A and F5 F5OS-C are both products of F5 Corporation, U.S.A. F5 F5OS-A is an operating system software. F5 F5OS-C is an operating system software on VELOS hardware. A security vulnerability exists in F5 F5OS-A and F5 F5OS-C that stems from an undisclosed request that could result in increas...

CVSS 7.1, AI score 6.6, EPSS 0.00347
Exploits: 0, References: 1

CNNVD
added 2025/10/15 12:0 a.m., 5 views

F5 BIG-IP and F5 BIG-IP Next CNF security vulnerability

F5 BIG-IP and F5 BIG-IP Next CNF are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and more. F5 BIG-IP Next CNF is a cloud-native network function solution. A securi...

CVSS 8.7, AI score 6.4, EPSS 0.00317
Exploits: 0, References: 2

Broadcom
added 2025/10/15 12:0 a.m., 13 views

jwt-go allows excessive memory allocation during header parsing

golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...

CVSS 7.5, AI score 6.9, EPSS 0.00693
Exploits: 0