Lucene search
K

6392 matches found

F5 Networks
F5 Networks
•added yesterday•2 views

K000162230: Node.js vulnerability CVE-2026-21716

Security Advisory Description An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under...

3.3CVSS6.6AI score0.00159EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•1 views

K000162233: Spring Framework vulnerability CVE-2026-47825

Security Advisory Description Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud...

8.6CVSS6.1AI score0.00139EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•7 views

K000162232: Spring AI vulnerability CVE-2026-41713

Security Advisory Description A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversati...

8.2CVSS6AI score0.00218EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•4 views

K000162214: Linux kernel mt76 wireless driver vulnerbaility CVE-2026-53102

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermedia...

6AI score0.00156EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•4 views

K000162213: Spring Cloud vulnerability CVE-2026-40982

Security Advisory Description Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud...

9.1CVSS6.2AI score0.00727EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•3 views

K000162212: Node.js vulnerabilities CVE-2026-21637 and CVE-2025-59466

Security Advisory Description CVE-2026-21637 A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths...

7.5CVSS6.2AI score0.01056EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•3 views

K000162211: Python urllib3 vulnerability CVE-2026-21441

Security Advisory Description urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or...

8.9CVSS6.1AI score0.02667EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•8 views

K000162210: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2026-55957 Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from...

9.1CVSS6AI score0.00462EPSS
Exploits1
F5 Networks
F5 Networks
•added yesterday•5 views

K000162204: Linux kernel vulnerability CVE-2025-37789

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

7.8CVSS6AI score0.00179EPSS
Exploits0
F5 Networks
F5 Networks
•added yesterday•4 views

K000162203: Spring Cloud Config vulnerability CVE-2026-40981

Security Advisory Description When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive;...

7.5CVSS6.1AI score0.00435EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162184: Spring Kafka vulnerability CVE-2026-41727

Security Advisory Description Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retrytopic-attempts header to supply an out-of-range attempt count and cause the retry topic...

6.5CVSS6.1AI score0.0024EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162183: Spring web services vulnerability CVE-2026-40996

Security Advisory Description Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS1 v1.5 rsa-15 encrypted key material unless operators...

4.8CVSS6.1AI score0.00129EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162182: Spring Expression Language (SpEL) vulnerability CVE-2026-41850

Security Advisory Description Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading...

7.5CVSS6.1AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162181: Spring Framework vulnerability CVE-2026-41841

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41841 Impact Ther...

5.9CVSS6.1AI score0.00313EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162180: Spring WebFlux vulnerability CVE-2026-41840

Security Advisory Description Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48. CVE-2026-41840 Impact There is n...

5.9CVSS6.1AI score0.00247EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•8 views

K000162179: Spring for GraphQL vulnerability CVE-2026-41700

Security Advisory Description Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with...

8.1CVSS6.3AI score0.00182EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•4 views

K000162177: Spring Framework vulnerability CVE-2026-41699

Security Advisory Description Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated Connection field and...

9.8CVSS6.2AI score0.0043EPSS
Exploits0
F5 Networks
F5 Networks
•added 4 days ago•6 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

6.1AI score
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•4 views

K000162161: Spring Framework vulnerability CVE-2026-41839

Security Advisory Description A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

4.2CVSS5.8AI score0.00197EPSS
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•4 views

K000162157: Apache Tomcat vulnerability CVE-2026-43513 and CVE-2026-43515

Security Advisory Description CVE-2026-43513 Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0....

9.1CVSS7AI score0.01136EPSS
Exploits1
F5 Networks
F5 Networks
•added 5 days ago•4 views

K000162156: Spring Framework vulnerability CVE-2026-41844

Security Advisory Description A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions:...

6.1CVSS6AI score0.00134EPSS
Exploits0
F5 Networks
F5 Networks
•added 5 days ago•4 views

K000162153: Spring Web Services vulnerability CVE-2026-40994

Security Advisory Description Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules...

8.2CVSS5.9AI score0.00229EPSS
Exploits0
F5 Networks
F5 Networks
•added 6 days ago•9 views

K000162136: Node.js vulnerabilities CVE-2026-48615 and CVE-2026-48935

Security Advisory Description CVE-2026-48615 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or...

7.5CVSS5.9AI score0.00437EPSS
Exploits0
F5 Networks
F5 Networks
•added 6 days ago•10 views

K000162135: Apache Flink vulnerability CVE-2026-35194

Security Advisory Description Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON...

8.1CVSS6.4AI score0.00381EPSS
Exploits0
F5 Networks
F5 Networks
•added 6 days ago•10 views

K000162132: Linux kernel TLS vulnerability CVE-2025-39946

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the...

9.8CVSS6.7AI score0.08942EPSS
Exploits1
F5 Networks
F5 Networks
•added last week•5 views

K000162130: Spring Framework vulnerability CVE-2026-41851

Security Advisory Description Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

7.5CVSS5.9AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
•added last week•12 views

K000162120: Jinja2 vulnerability CVE-2024-56326 and CVE-2016-10745

Security Advisory Description CVE-2024-56326 Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the...

8.6CVSS7.1AI score0.03492EPSS
Exploits0
F5 Networks
F5 Networks
•added last week•4 views

K000162117: Linux kernel vulnerability CVE-2023-53552

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915requests may be trapped by userspace inside a syncfile or dmabuf dma-resv and held indefinitely across...

7.8CVSS6.1AI score0.00155EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:58 a.m.•4 views

K000162085: Spring Data MongoDB vulnerability CVE-2026-41717

Security Advisory Description Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions...

8.1CVSS5.9AI score0.00328EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:54 a.m.•4 views

K000162084: Spring Web Services vulnerability CVE-2026-41000

Security Advisory Description Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-u...

3.7CVSS6AI score0.00223EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/06 12:51 a.m.•4 views

K000162083: Linux kernel vulnerability CVE-2025-39925

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEVUNREGISTER notification handler syzbot is reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have...

5.5CVSS5.9AI score0.00119EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/03 1:9 p.m.•9 views

K000162049: Go vulnerability CVE-2025-58181

Security Advisory Description SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. CVE-2025-58181 Impact An attacker may be able to cause an increase in resource utilizatio...

5.3CVSS6.7AI score0.00533EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/07/03 1:2 p.m.•5 views

K000162045: Go vulnerability CVE-2025-47914

Security Advisory Description SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 Impact An attacker may be able to cause a denial-of-service DoS...

5.3CVSS6.4AI score0.00484EPSS
Exploits0Affected Software5
F5 Networks
F5 Networks
•added 2026/07/03 8:6 a.m.•6 views

K000162071: Python vulnerability CVE-2025-11468

Security Advisory Description When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468...

5.7CVSS7AI score0.0055EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/03 6:10 a.m.•5 views

K000162065: Spring Framework for Apache Kafka vulnerability CVE-2026-41726

Security Advisory Description When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions:...

6.5CVSS5.9AI score0.00289EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 11:37 p.m.•5 views

K000161886: NPM CLI vulnerabilities CVE-2019-16775, CVE-2019-16776, and CVE-2019-16777

Security Advisory Description CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the...

8.1CVSS5.9AI score0.03342EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
•added 2026/07/02 6:16 p.m.•12 views

K000162058: Apache Tomcat vulnerabilities CVE-2026-41293, CVE-2026-43512, CVE-2026-42498, and CVE-2026-41284

Security Advisory Description CVE-2026-41293 Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions ma...

9.8CVSS5.7AI score0.01339EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/02 6:7 p.m.•7 views

K000162057: MySQL vulnerability CVE-2021-2471

Security Advisory Description Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

7.9CVSS5.8AI score0.07318EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/02 4:49 p.m.•9 views

K000162035: Golang vulnerability CVE-2025-58185

Security Advisory Description Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. CVE-2025-58185 Impact A malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to caus...

5.3CVSS5.7AI score0.00526EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2026/07/02 4:17 p.m.•13 views

K000162037: Golang vulnerability CVE-2025-58186

Security Advisory Description Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory...

5.3CVSS5.8AI score0.00534EPSS
Exploits0Affected Software6
F5 Networks
F5 Networks
•added 2026/07/02 4:3 p.m.•5 views

K000162053: Node.js vulnerability CVE-2025-55131

Security Advisory Description A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like...

7.1CVSS7.5AI score0.03493EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 3:42 p.m.•10 views

K000162052: Apache Tomcat vulnerability CVE-2026-43514

Security Advisory Description Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through...

3.7CVSS5.7AI score0.00352EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 8:45 a.m.•14 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 4:6 a.m.•7 views

K000162034: Node.js vulnerability CVE-2026-48617

Security Advisory Description A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported...

1.8CVSS6.1AI score0.00208EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/02 2:7 a.m.•6 views

K000162031: Node.js vulnerability CVE-2026-21713

Security Advisory Description A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurement...

5.9CVSS6.7AI score0.00385EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/01 4:15 p.m.•12 views

K000162026: Multiple Go vulnerabilities

Security Advisory Description CVE-2026-33811 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-39820 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU...

7.5CVSS7AI score0.00813EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/07/01 7:29 a.m.•6 views

K000162017: Apache Artemis vulnerability CVE-2026-27446

Security Advisory Description Missing Authentication for Critical Function CWE-306 vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an...

9.8CVSS7.2AI score0.10629EPSS
Exploits1
F5 Networks
F5 Networks
•added 2026/07/01 5:10 a.m.•5 views

K000162011: GNU inetutils vulnerability CVE-2026-32746

Security Advisory Description telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC Set Local Characters suboption handler because addslc does not check whether the buffer is full. CVE-2026-32746 Impact There is no impact; F5 products are not affected by this...

9.8CVSS5.9AI score0.23674EPSS
Exploits8
F5 Networks
F5 Networks
•added 2026/06/30 11:19 p.m.•7 views

K000162008: Apache HTTP Server vulnerability CVE-2026-34059

Security Advisory Description Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-34059 Impact There is no impact; F5 products are not affected by this...

7.5CVSS7AI score0.00394EPSS
Exploits0
F5 Networks
F5 Networks
•added 2026/06/30 11:16 p.m.•6 views

K000162007: Apache HTTP Server vulnerability CVE-2026-34032

Security Advisory Description Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-34032 Impact There is no impact; F5 products...

5.3CVSS6AI score0.00485EPSS
Exploits0
Total number of security vulnerabilities6392