Lucene search
K

6384 matches found

F5 Networks
F5 Networks
•added 1 hour ago•2 views

K000162204: Linux kernel vulnerability CVE-2025-37789

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

7.8CVSS6AI score0.00179EPSS
Exploits0
F5 Networks
F5 Networks
•added 1 hour ago•2 views

K000162203: Spring Cloud Config vulnerability CVE-2026-40981

Security Advisory Description When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive;...

7.5CVSS6.1AI score0.00435EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162184: Spring Kafka vulnerability CVE-2026-41727

Security Advisory Description Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic...

6.5CVSS6.1AI score0.0024EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162183: Spring web services vulnerability CVE-2026-40996

Security Advisory Description Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators...

4.8CVSS6.1AI score0.00129EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162182: Spring Expression Language (SpEL) vulnerability CVE-2026-41850

Security Advisory Description Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading...

7.5CVSS6.1AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162181: Spring Framework vulnerability CVE-2026-41841

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41841 Impact Ther...

5.9CVSS6.1AI score0.00313EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162180: Spring WebFlux vulnerability CVE-2026-41840

Security Advisory Description Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48. CVE-2026-41840 Impact There is n...

5.9CVSS6.1AI score0.00247EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•6 views

K000162179: Spring for GraphQL vulnerability CVE-2026-41700

Security Advisory Description Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with...

8.1CVSS6.3AI score0.00182EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162177: Spring Framework vulnerability CVE-2026-41699

Security Advisory Description Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and...

9.8CVSS6.2AI score0.0043EPSS
Exploits0
F5 Networks
F5 Networks
•added 3 days ago•4 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

6.1AI score
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162161: Spring Framework vulnerability CVE-2026-41839

Security Advisory Description A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

4.2CVSS5.8AI score0.00197EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•3 views

K000162157: Apache Tomcat vulnerability CVE-2026-43513 and CVE-2026-43515

Security Advisory Description CVE-2026-43513 Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0....

9.1CVSS7AI score0.01136EPSS
Exploits1
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162156: Spring Framework vulnerability CVE-2026-41844

Security Advisory Description A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions:...

6.1CVSS6AI score0.00134EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162153: Spring Web Services vulnerability CVE-2026-40994

Security Advisory Description Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules...

8.2CVSS5.9AI score0.00229EPSS
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•8 views

K000162136: Node.js vulnerabilities CVE-2026-48615 and CVE-2026-48935

Security Advisory Description CVE-2026-48615 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or...

7.5CVSS5.9AI score0.00437EPSS
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•9 views

K000162135: Apache Flink vulnerability CVE-2026-35194

Security Advisory Description Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON...

8.1CVSS6.4AI score0.00381EPSS
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•7 views

K000162132: Linux kernel TLS vulnerability CVE-2025-39946

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the...

9.8CVSS6.7AI score0.08942EPSS
Exploits1
F5 Networks
F5 Networks
•added 6 days ago•5 views

K000162130: Spring Framework vulnerability CVE-2026-41851

Security Advisory Description Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

7.5CVSS5.9AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
•added 6 days ago•10 views

K000162120: Jinja2 vulnerability CVE-2024-56326 and CVE-2016-10745

Security Advisory Description CVE-2024-56326 Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...

8.6CVSS7.1AI score0.03492EPSS
Exploits0
F5 Networks
F5 Networks
•added 6 days ago•3 views

K000162117: Linux kernel vulnerability CVE-2023-53552

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across...

7.8CVSS6.1AI score0.00155EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:58 a.m.•4 views

K000162085: Spring Data MongoDB vulnerability CVE-2026-41717

Security Advisory Description Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions...

8.1CVSS5.9AI score0.00328EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:54 a.m.•4 views

K000162084: Spring Web Services vulnerability CVE-2026-41000

Security Advisory Description Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-u...

3.7CVSS6AI score0.00223EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:51 a.m.•3 views

K000162083: Linux kernel vulnerability CVE-2025-39925

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEVUNREGISTER notification handler syzbot is reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have...

5.5CVSS5.9AI score0.00119EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/03 1:9 p.m.•7 views

K000162049: Go vulnerability CVE-2025-58181

Security Advisory Description SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. CVE-2025-58181 Impact An attacker may be able to cause an increase in resource utilizatio...

5.3CVSS6.7AI score0.00533EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/07/03 1:2 p.m.•4 views

K000162045: Go vulnerability CVE-2025-47914

Security Advisory Description SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 Impact An attacker may be able to cause a denial-of-service DoS...

5.3CVSS6.4AI score0.00484EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/07/03 8:6 a.m.•6 views

K000162071: Python vulnerability CVE-2025-11468

Security Advisory Description When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468...

5.7CVSS7AI score0.0055EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/03 6:10 a.m.•5 views

K000162065: Spring Framework for Apache Kafka vulnerability CVE-2026-41726

Security Advisory Description When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions:...

6.5CVSS5.9AI score0.00289EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 11:37 p.m.•5 views

K000161886: NPM CLI vulnerabilities CVE-2019-16775, CVE-2019-16776, and CVE-2019-16777

Security Advisory Description CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the...

8.1CVSS5.9AI score0.03342EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2026/07/02 6:16 p.m.•12 views

K000162058: Apache Tomcat vulnerabilities CVE-2026-41293, CVE-2026-43512, CVE-2026-42498, and CVE-2026-41284

Security Advisory Description CVE-2026-41293 Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions ma...

9.8CVSS5.7AI score0.01339EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/02 6:7 p.m.•7 views

K000162057: MySQL vulnerability CVE-2021-2471

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

7.9CVSS5.8AI score0.07318EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/02 4:49 p.m.•8 views

K000162035: Golang vulnerability CVE-2025-58185

Security Advisory Description Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185 Impact A malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to caus...

5.3CVSS5.7AI score0.00526EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2026/07/02 4:17 p.m.•11 views

K000162037: Golang vulnerability CVE-2025-58186

Security Advisory Description Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory...

5.3CVSS5.8AI score0.00534EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2026/07/02 4:3 p.m.•4 views

K000162053: Node.js vulnerability CVE-2025-55131

Security Advisory Description A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like...

7.1CVSS7.5AI score0.03493EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 3:42 p.m.•8 views

K000162052: Apache Tomcat vulnerability CVE-2026-43514

Security Advisory Description Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through...

3.7CVSS5.7AI score0.00352EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 8:45 a.m.•14 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 4:6 a.m.•7 views

K000162034: Node.js vulnerability CVE-2026-48617

Security Advisory Description A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported...

1.8CVSS6.1AI score0.00208EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 2:7 a.m.•5 views

K000162031: Node.js vulnerability CVE-2026-21713

Security Advisory Description A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurement...

5.9CVSS6.7AI score0.00385EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/01 4:15 p.m.•10 views

K000162026: Multiple Go vulnerabilities

Security Advisory Description CVE-2026-33811 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-39820 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU...

7.5CVSS7AI score0.00813EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/01 7:29 a.m.•6 views

K000162017: Apache Artemis vulnerability CVE-2026-27446

Security Advisory Description Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an...

9.8CVSS7.2AI score0.10629EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/01 5:10 a.m.•4 views

K000162011: GNU inetutils vulnerability CVE-2026-32746

Security Advisory Description telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full. CVE-2026-32746 Impact There is no impact; F5 products are not affected by this...

9.8CVSS5.9AI score0.23674EPSS
Exploits8
F5 Networks
F5 Networks
•added 2026/06/30 11:19 p.m.•6 views

K000162008: Apache HTTP Server vulnerability CVE-2026-34059

Security Advisory Description Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-34059 Impact There is no impact; F5 products are not affected by this...

7.5CVSS7AI score0.00394EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/30 11:16 p.m.•4 views

K000162007: Apache HTTP Server vulnerability CVE-2026-34032

Security Advisory Description Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-34032 Impact There is no impact; F5 products...

5.3CVSS6AI score0.00485EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/30 11:13 p.m.•6 views

K000162006: Apache HTTP Server vulnerability CVE-2026-33857

Security Advisory Description Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-33857 Impact There is no impact; F5 products are not...

5.3CVSS6AI score0.00393EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/30 10:31 p.m.•4 views

K000162005: Apache HTTP Server vulnerability CVE-2026-33007

Security Advisory Description A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this...

5.3CVSS6AI score0.00514EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/30 10:27 p.m.•5 views

K000162004: Apache HTTP Server vulnerability CVE-2026-33006

Security Advisory Description A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-33006 Impact There is no impact; F5 products are not...

4.8CVSS5.8AI score0.00557EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/06/30 8:58 p.m.•6 views

K000161990: Go vulnerability CVE-2025-61723

Security Advisory Description The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. CVE-2025-61723 Impact An attacker may be able to cause an increase in resource utilization, which...

7.5CVSS7AI score0.00626EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2026/06/30 6:29 p.m.•4 views

K000161993: Golang vulnerability CVE-2025-47912

Security Advisory Description The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IP...

5.3CVSS5.7AI score0.00443EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/06/30 4:34 p.m.•6 views

K000161987: Golang vulnerability CVE-2025-47907

Security Advisory Description Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may...

7CVSS6.6AI score0.00355EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/06/30 4:27 p.m.•9 views

K000161988: Go vulnerability CVE-2025-58183

Security Advisory Description tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into...

4.3CVSS6.6AI score0.00419EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/06/30 4:17 p.m.•4 views

K000161984: Go vulnerability CVE-2025-47906

Security Advisory Description If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned. CVE-2025-47906 Impact An attacker may...

6.5CVSS6.6AI score0.00489EPSS
Exploits1Affected Software5
Total number of security vulnerabilities6384