F5 Networks, Inc. Security Vulnerabilities
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
4.5AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on several functions in all versions up to, and including, 1.8.9. This makes it possible for unauthenticated attackers to invoke....
4.3CVSS
4.7AI Score
0.001EPSS
F5 Networks BIG-IP Edge Client for macOS Privilege Escalation (K000135040)
The version of F5 Networks BIG-IP installed on the remote macOS host is prior or equal to 17.1.0 / 16.1.4 / 15.1.10 / 14.1.5 / 13.1.5. It is, therefore, affected by a vulnerability as referenced in the K000135040 advisory. An insufficient verification of data may allow an attacker elevation of...
7.8CVSS
7.7AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM virtual server vulnerability (K95503300)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.7 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K95503300 advisory. On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7,...
6.1CVSS
6.7AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP AFM virtual server vulnerability (K24358905)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.4.1 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K24358905 advisory. On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before...
7.5CVSS
7.8AI Score
0.001EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
5.7AI Score
0.001EPSS
The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
6.4CVSS
6.3AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP DNS TSIG Key Leakage (K98334513)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K98334513 advisory. When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created,...
5.5CVSS
5.9AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP TMOS Shell Information Exposure (K20307245)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K20307245 advisory. Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command,...
4.4CVSS
5AI Score
0.0004EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
7.9AI Score
0.001EPSS
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers....
4.3CVSS
6.3AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP network failover vulnerability (K67472032)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K67472032 advisory. On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG- IQ...
8.1CVSS
8.4AI Score
0.003EPSS
F5 Networks BIG-IP : SSL 3.0/TLS 1.0 vulnerability (K13400)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K13400 advisory. The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, ...
7.3AI Score
0.009EPSS
F5 Networks BIG-IP : Intel I210 network adapter vulnerability (K83504933)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K83504933 advisory. Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters...
5.5CVSS
4.9AI Score
0.0004EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.1AI Score
0.001EPSS
F5 Networks BIG-IP : Intel I210 network adapter vulnerability (K44482551)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K44482551 advisory. Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before...
4.4CVSS
4.6AI Score
0.0004EPSS
OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to an unauthenticated attacker being able to bypass authentication by spoofing their IP via the X-Forwarded-For header when the autologinLocal option is enabled, even if they are from networks not configured as...
7.1CVSS
7.4AI Score
0.0004EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
8.9AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
8.9AI Score
0.001EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6AI Score
0.001EPSS
F5 Networks BIG-IP : Authenticated iControl REST in Appliance mode vulnerability (K81952114)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K81952114 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...
9.1CVSS
9.2AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP and BIG-IQ SCP vulnerability (K38271531)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K38271531 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...
4.9CVSS
5.5AI Score
0.001EPSS
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the...
6.5CVSS
6.5AI Score
0.003EPSS
F5 Networks BIG-IP : BIG-IP SSL OCSP Authentication profile vulnerability (K56412001)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8.1 / 16.1.3.3 / 17.0.0.2 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K56412001 advisory. In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before...
7.5CVSS
7.9AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF vulnerability (K03442392)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5 / 16.1.2.1 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K03442392 advisory. On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x...
7.5CVSS
7.8AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP iControl REST and tmsh vulnerabilities (K53197140)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K53197140 advisory. On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...
4.9CVSS
5.9AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K15478554)
The BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions, and allows execution of signed .exe and MSI files. (CVE-2020-5896) Impact This vulnerability can be exploited to allow an unprivileged user to gain privilege escalation on the client Windows...
7.8CVSS
8.1AI Score
0.0004EPSS
TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576
TIBCO EBX File Inclusion Vulnerability Original release date: June 11, 2024 Last revised: June 12, 2024 CVE-2024-4576 Source: TIBCO Software Inc. Products Affected TIBCO EBX versions 5.9.25 and below TIBCO EBX versions 6.1.3 HF2 and below Component affected: EBX Add-ons Description The...
6.9AI Score
0.0004EPSS
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...
9.8CVSS
8.8AI Score
0.022EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K54460845)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K54460845 advisory. On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...
7.8CVSS
7.8AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM browser network access VPN client vulnerability (K000138744)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000138744 advisory. An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for...
7.4CVSS
7.3AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP TMM tenants on VELOS and rSeries vulnerability (K000139217)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10. It is, therefore, affected by a vulnerability as referenced in the K000139217 advisory. Under certain conditions, a potential data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants...
6.5CVSS
7AI Score
0.0004EPSS
F5 Networks BIG-IP : F5 BIG-IP Guided Configuration XSS vulnerability (K21317311)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.3 / 15.1.8 / 16.1.3.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K21317311 advisory. On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5...
7.5CVSS
6.3AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for macOS vulnerability (K000134746)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000134746 advisory. The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the...
7.8CVSS
7.5AI Score
0.0004EPSS
F5 Networks BIG-IP : BIG-IP engineering hotfix TMM vulnerability (K53590702)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K53590702 advisory. Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel...
7.5CVSS
7.6AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K40625021)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K40625021 advisory. A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP...
4.3CVSS
4.7AI Score
0.001EPSS
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
8.1CVSS
6.8AI Score
0.001EPSS
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
8.1CVSS
6.9AI Score
0.001EPSS
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
8.1CVSS
8AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Appliance Mode External Monitor Vulnerability (K41072952)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K41072952 advisory. When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass...
8.7CVSS
8.6AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP Edge Client for Windows vulnerability (K33552735)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K33552735 advisory. On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to...
7.8CVSS
7.9AI Score
0.0004EPSS
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.4 / 15.1.2.1 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K03009991 advisory. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x...
9.8CVSS
9.8AI Score
0.974EPSS
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...
8.8CVSS
7.7AI Score
0.001EPSS
An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.8AI Score
EPSS
An issue discovered in Mercury x30g, Mercury YR1800XG routers allows attackers to hijack TCP sessions which could lead to a denial of...
6.5AI Score
EPSS
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....
7.2CVSS
6.4AI Score
0.001EPSS
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
5.8AI Score
0.001EPSS
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are...
6.7CVSS
6.1AI Score
0.001EPSS
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136907)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000136907 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End...
7.1CVSS
7AI Score
0.001EPSS