14726 matches found

GithubExploit
added 2025/10/15 4:2 p.m. | 113 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts

PoC exploit for CVE-2024-53677, a vulnerability in Apache Struts...

CVSS 9.8 | AI score 8.1 | EPSS 0.78198
Exploits: 15

EUVD
added 2025/10/15 3:30 p.m. | 7 views

EUVD-2025-34643

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

CVSS 8.7 | AI score 6.2 | EPSS 0.00317
Exploits: 0 | References: 2

EUVD
added 2025/10/15 3:30 p.m. | 5 views

EUVD-2025-34649

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.2 | EPSS 0.0035
Exploits: 0 | References: 2

CVE
added 2025/10/15 3:19 p.m. | 17 views

CVE-2025-61935

CVE-2025-61935 affects BIG-IP Advanced WAF/ASM (bd process). Undisclosed requests can terminate the bd process, causing DoS-like disruption on BIG-IP data plane. Vulnerable when running BIG-IP Next/16.x? and 15.x ranges as listed (e.g., 17.5.0; 17.1.0–17.1.2; 15.1.0–15.1.10). Fixed in 17.5.1, 17....

CVSS 8.7 | AI score 6.4 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2025/10/15 3:19 p.m. | 7 views

CVE-2025-61935 BIG-IP Advanced WAF and ASM vulnerability

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | EPSS 0.0032
Exploits: 0 | References: 1

OSV
added 2025/10/15 2:15 p.m. | 4 views

CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2025/10/15 1:55 p.m. | 15 views

CVE-2025-54858

CVE-2025-54858 affects BIG-IP Advanced WAF/ASM where a malformed JSON schema in a JSON content profile can cause the bd process to terminate on a configured virtual server, triggering DoS. Affected BIG-IP branches include BIG-IP Advanced WAF/ASM (16.x, 17.x) with fixes introduced in 17.5.1.3 and ...

CVSS 8.7 | AI score 6.4 | EPSS 0.00317
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2025/10/15 1:55 p.m. | 7 views

CVE-2025-61938 BIG-IP Advanced WAF and ASM bd process vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

CVSS 8.7 | EPSS 0.00317
Exploits: 0 | References: 1

CVE
added 2025/10/15 1:55 p.m. | 20 views

CVE-2025-61938

CVE-2025-61938 affects BIG-IP Advanced WAF/ASM when a Data Guard Protection Enforcement URL exceeds 1024 characters, causing the bd process to terminate repeatedly and prompting a DoS risk. Exploitation details are not described beyond this configuration-based trigger in the provided sources. Mit...

CVSS 8.7 | AI score 6.3 | EPSS 0.00317
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2025/10/15 1:55 p.m. | 17 views

CVE-2025-55669

CVE-2025-55669 affects BIG-IP, specifically the HTTP/2 vulnerability impacting the Advanced WAF/ASM stack. Undisclosed traffic can terminate the Traffic Management Microkernel (TMM), causing DoS on new connections. Connected advisories list vulnerable branches and fixes: for BIG-IP ASM the fix is...

CVSS 8.7 | AI score 6.4 | EPSS 0.0035
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/15 1:55 p.m. | 2 views

CVE-2025-55669 BIG-IP HTTP/2 vulnerability

When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.7 | AI score 6.4 | EPSS 0.0035
Exploits: 0 | References: 1

Cvelist
added 2025/10/15 1:55 p.m. | 7 views

CVE-2025-59269 BIG-IP Configuration utility XSS vulnerability

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 8.4 | EPSS 0.00257
Exploits: 0 | References: 1

F5 Networks
added 2025/10/15 11:1 a.m. | 11 views

K000156621: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-54858

Security Advisory Description: When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is applied to a virtual server, undisclosed requests can cause the bd process to terminate. (CVE-2025-54858)...

CVSS 8.7 | AI score 6.9 | EPSS 0.00317
Exploits: 0 | Affected Software: 2

F5 Networks
added 2025/10/15 10:36 a.m. | 9 views

K000154664: BIG-IP Advanced WAF and ASM vulnerability CVE-2025-61935

Security Advisory Description: When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. (CVE-2025-61935) Impact: Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...

CVSS 8.7 | AI score 6.9 | EPSS 0.0032
Exploits: 0 | Affected Software: 2

F5 Networks
added 2025/10/15 10:9 a.m. | 11 views

K000156624: BIG-IP Advanced WAF and ASM bd process vulnerability CVE-2025-61938

Security Advisory Description: When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly...

CVSS 8.7 | AI score 6.9 | EPSS 0.00317
Exploits: 0 | Affected Software: 2

Tenable Nessus
added 2025/10/15 12:0 a.m. | 2 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd process vulnerability (K000156624)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000156624 advisory. When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for...

CVSS 8.7 | AI score 5.6 | EPSS 0.00317
Exploits: 0 | References: 2

Packet Storm News
added 2025/10/14 12:0 a.m. | 4 views

Wapiti Web Application Vulnerability Scanner 3.2.7 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

AI score 7.2
Exploits: 0

Packet Storm News
added 2025/10/14 12:0 a.m. | 3 views

Wapiti Web Application Vulnerability Scanner 3.2.7

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

AI score 7
Exploits: 0

EUVD
added 2025/10/11 9:30 a.m. | 4 views

EUVD-2025-33832

A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validati...

CVSS 6.9 | AI score 6.4 | EPSS 0.00338
Exploits: 0 | References: 5

GithubExploit
added 2025/10/11 9:29 a.m. | 148 views

dzzoffice_upload

It is an offensive tool for web application exploitation. The re...

AI score 8.2
Exploits: 0