Lucene search
K

6384 matches found

F5 Networks
F5 Networks
added 2026/06/30 3:45 p.m.6 views

K000161969: Go vulnerability CVE-2025-58189

Security Advisory Description When Conn.Handshake fails during Application-Layer Protocol Negotiation ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. CVE-2025-58189 Impact An attacker may be able to inject controlled...

5.3CVSS6.5AI score0.00443EPSS
Exploits0Affected Software3
F5 Networks
F5 Networks
added 2026/06/29 8:52 p.m.6 views

K000161970: Golang vulnerability CVE-2025-22869

Security Advisory Description SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Impact An attack...

7.5CVSS5.9AI score0.00868EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2026/06/29 7:25 p.m.6 views

K000161965: Golang vulnerability CVE-2025-4673

Security Advisory Description Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Impact An attacker may be able to gain access to sensitive information. Security Advisory Status F5 Product Development has...

6.8CVSS6.5AI score0.0056EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2026/06/29 5:40 p.m.8 views

K000161954: Linux kernel vulnerability CVE-2026-23351

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very...

7.8CVSS5.9AI score0.00119EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/29 4:56 p.m.8 views

K000161964: Golang vulnerability CVE-2025-61729

Security Advisory Description Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate...

7.5CVSS7.1AI score0.00459EPSS
Exploits2Affected Software2
F5 Networks
F5 Networks
added 2026/06/29 3:39 p.m.9 views

K000161963: Golang vulnerability CVE-2025-61727

Security Advisory Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example . com does not prevent a leaf certificate from claiming the SAN .example.co...

6.5CVSS6.7AI score0.00274EPSS
Exploits0Affected Software2
F5 Networks
F5 Networks
added 2026/06/29 7:42 a.m.6 views

K000161955: HarfBuzz vulnerability CVE-2026-22693

Security Advisory Description HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement n...

5.3CVSS6AI score0.00377EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/06/29 7:21 a.m.9 views

K000161953: Multiple Linux kernel vulnerabilities CVE-2026-23379, CVE-2026-23381, CVE-2026-23396, CVE-2026-23397 and CVE-2026-23398

Security Advisory Description CVE-2026-23379 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'qsum' and 'qpsum'...

5.5CVSS6AI score0.00119EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/29 7:15 a.m.8 views

K000161952: Multiple Linux kernel vulnerabilities CVE-2026-23347, CVE-2026-23356, CVE-2026-23357, CVE-2026-23364 and CVE-2026-23365

Security Advisory Description CVE-2026-23347 In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it...

7.4CVSS5.8AI score0.00392EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/29 7:10 a.m.9 views

K000161951: Livewire vulnerability CVE-2025-54068

Security Advisory Description Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are...

9.8CVSS7.6AI score0.95376EPSS
Exploits5
F5 Networks
F5 Networks
added 2026/06/29 7:7 a.m.8 views

K000161950: Spring AI vulnerability CVE-2026-22738

Security Advisory Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied...

9.8CVSS6AI score0.00821EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/29 6:29 a.m.10 views

K000161947: Cross-site scripting (XSS) vulnerability in Grafana CVE-2025-4123

Security Advisory Description A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...

7.6CVSS7.5AI score0.97809EPSS
Exploits6
F5 Networks
F5 Networks
added 2026/06/26 3:52 p.m.7 views

K000161933: Spring Framework vulnerability CVE-2026-41853

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41853 Impact There is no impact; F5 products...

5.3CVSS5.8AI score0.00186EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/26 3:49 p.m.6 views

K000161932: Spring Framework vulnerability CVE-2026-41842

Security Advisory Description Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41842 Impact There...

7.5CVSS5.8AI score0.00399EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/26 1:45 p.m.8 views

K000161931: Spring Framework vulnerability CVE-2026-41838

Security Advisory Description IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1....

7.5CVSS5.7AI score0.00171EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/26 1:40 p.m.5 views

K000161930: Spring Framework vulnerability CVE-2026-41848

Security Advisory Description Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path,...

7.5CVSS5.7AI score0.00317EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/26 6:39 a.m.10 views

K000161920: Node.js vulnerability CVE-2026-48619

Security Advisory Description A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26. CVE-2026-48619 Impa...

7.5CVSS6.3AI score0.00656EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/26 3:3 a.m.12 views

K000161919: BIND vulnerability CVE-2026-5947

Security Advisory Description Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as...

7.5CVSS5.8AI score0.01387EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 11:25 p.m.7 views

K000161917: Spring Framework vulnerability CVE-2026-41845

Security Advisory Description Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through...

7.1CVSS5.8AI score0.00161EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 4:26 p.m.18 views

K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304

Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...

5.5CVSS5.8AI score0.00123EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/25 4:20 p.m.8 views

K000161912: Node.js vulnerability CVE-2026-21711

Security Advisory Description A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net...

5.3CVSS5.9AI score0.00146EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.8 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 4:13 p.m.7 views

K000161910: Spring Framework vulnerability CVE-2026-41838

Security Advisory Description IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1....

7.5CVSS5.8AI score0.00171EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 2:54 p.m.12 views

K000161897: Linux kernel vulnerability CVE-2026-23303

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug...

5.5CVSS5.6AI score0.00123EPSS
Exploits0Affected Software12
F5 Networks
F5 Networks
added 2026/06/25 2:14 p.m.7 views

K000161909: Node.js vulnerability CVE-2026-21714

Security Advisory Description A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is neve...

5.3CVSS7.2AI score0.00454EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 9:14 a.m.11 views

K000161900: Spring Retry vulnerability CVE-2026-41710

Security Advisory Description An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit...

5.9CVSS5.8AI score0.0028EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 6:2 a.m.9 views

K000161888: Apache log4j vulnerability CVE-2026-34481

Security Advisory Description Apache Log4j's JsonTemplateLayout https:// logging. apache. org/log4j/2. x/manual/json-template-layout. html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity,...

7.5CVSS5.7AI score0.00555EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/25 6:0 a.m.5 views

K000161887: Linux kernel vulnerability CVE-2026-23284

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Reset prog ptr to oldprog in case of error in mtkxdpsetup Reset eBPF program pointer to oldprog and do not decrease its ref-count if mtkopen routine in mtkxdpsetup fails...

5.5CVSS5.6AI score0.00123EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/24 9:30 a.m.24 views

K000161869: PHP Laravel framework vulnerabilities CVE-2024-52301 and CVE-2018-15133

Security Advisory Description CVE-2024-52301 Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The...

8.7CVSS8AI score0.76814EPSS
Exploits12
F5 Networks
F5 Networks
added 2026/06/23 11:39 p.m.6 views

K000161864: Spring WebFlux vulnerability CVE-2026-41847

Security Advisory Description Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48. CVE-2026-41847 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

5.3CVSS5.8AI score0.00166EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/23 11:18 p.m.11 views

K000161863: runc vulnerabilities CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881

Security Advisory Description CVE-2025-31133 runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the...

8.4CVSS7.1AI score0.0067EPSS
Exploits4
F5 Networks
F5 Networks
added 2026/06/23 7:49 a.m.9 views

K000161852: PHP vulnerabilities CVE-2025-1735 and CVE-2026-7258

Security Advisory Description CVE-2025-1735 In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as...

7.5CVSS7AI score0.00953EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/23 7:45 a.m.9 views

K000161850: urllib3 vulnerability CVE-2025-66471

Security Advisory Description urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the...

8.9CVSS6.9AI score0.00633EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/23 7:33 a.m.6 views

K000161848: PHP vulnerability CVE-2025-1220

Security Advisory Description In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname...

5.3CVSS6.6AI score0.00514EPSS
Exploits1
F5 Networks
F5 Networks
added 2026/06/23 6:21 a.m.13 views

K000161846: Apache Thrift vulnerability CVE-2026-43870

Security Advisory Description Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This...

7.3CVSS5.8AI score0.00394EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/22 5:7 p.m.7 views

K000161732: PostgreSQL vulnerabilities CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006

Security Advisory Description CVE-2026-2004 Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16...

8.8CVSS7.5AI score0.01208EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
added 2026/06/22 4:47 p.m.11 views

K000161730: PostgreSQL vulnerability CVE-2026-2003

Security Advisory Description Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Version...

4.3CVSS5.8AI score0.00281EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/22 5:51 a.m.10 views

K000161824: Linux kernel vulnerability CVE-2026-23290

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a...

5.5CVSS5.6AI score0.00123EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/22 5:48 a.m.8 views

K000161823: Linux kernel vulnerability CVE-2025-71095

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDPTX action There is a crash issue when running zero copy XDPTX action, the crash log is shown below. 216.122464 Unable to handle kernel paging request...

5.5CVSS5.5AI score0.00114EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/22 3:49 a.m.13 views

K000161821: Multiple Linux kernel vulnerabilities

Security Advisory Description CVE-2026-23289 In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthcaunmapuserdb for mthcacreatesrq Fix a user triggerable leak on the system call failure path. CVE-2026-23293 In the Linux kernel, the following vulnerability ha...

5.5CVSS5.6AI score0.00123EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/17 7:46 p.m.17 views

K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107

Security Advisory Description When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...

8.6CVSS5.5AI score0.00492EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 7:45 p.m.13 views

K000161786: NGINX Gateway Fabric vulnerability CVE-2026-32682

Security Advisory Description When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containin...

7.1CVSS5.3AI score0.00292EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 1:53 p.m.75 views

K000161614: Out-of-band Security Notification (June 17, 2026)

Security Advisory Description On June 17, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. High CVEs Medi...

9.2CVSS6.2AI score0.03459EPSS
Exploits4
F5 Networks
F5 Networks
added 2026/06/17 1:45 p.m.38 views

K000161616: NGINX ngx_http_v3_module vulnerability CVE-2026-42530

Security Advisory Description NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen ...

9.2CVSS6.3AI score0.03225EPSS
Exploits3Affected Software4
F5 Networks
F5 Networks
added 2026/06/17 1:44 p.m.19 views

K000161584: NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability CVE-2026-42055

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is se...

9.2CVSS6.6AI score0.03459EPSS
Exploits1Affected Software9
F5 Networks
F5 Networks
added 2026/06/17 1:43 p.m.13 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

8.6CVSS5.5AI score0.00567EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/17 1:43 p.m.11 views

K000161585: NGINX ngx_http_charset_module vulnerability CVE-2026-48142

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both sourcecharset utf-8; and a charset directive for example, charset koi8-r ; configured, remote, unauthenticat...

6.3CVSS5.5AI score0.00398EPSS
Exploits0Affected Software9
F5 Networks
F5 Networks
added 2026/06/17 1:11 p.m.10 views

K000161775: Apache Pulsar vulnerability CVE-2026-41732

Security Advisory Description JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather tha...

8.1CVSS5.2AI score0.00347EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/10 7:18 p.m.13 views

K000161670: Apache HTTP Server vulnerability CVE-2026-33523

Security Advisory Description HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.4AI score0.00436EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/06/10 7:13 p.m.19 views

K000161669: Apache HTTP Server vulnerabilities CVE-2026-24072 and CVE-2026-23918

Security Advisory Description CVE-2026-24072 An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

8.8CVSS7.8AI score0.4581EPSS
Exploits17
Total number of security vulnerabilities6384