CVE-2025-61951 - BIG-IP DTLS 1.2 Vulnerability
CVE ID : CVE-2025-61951
Published : Oct. 15, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backend server is enabled with DTLS 1.2 and client authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61955 - F5OS vulnerability
CVE ID : CVE-2025-61955
Published : Oct. 15, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.8 | HIGH
CVE-2025-61958 - BIG-IP TMSH vulnerability
CVE ID : CVE-2025-61958
Published : Oct. 15, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-61960 - BIG-IP APM portal access vulnerability
CVE ID : CVE-2025-61960
Published : Oct. 15, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-61974 - BIG-IP SSL/TLS vulnerability
CVE ID : CVE-2025-61974
Published : Oct. 15, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-53860 - F5OS-A FIPS HSM vulnerability
CVE ID : CVE-2025-53860
Published : Oct. 15, 2025, 3:15 p.m. | 58 minutes ago
Description : A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 5.6 | MEDIUM
CVE-2025-10581 - Lenovo PC Manager DLL Hijacking Vulnerability
CVE ID : CVE-2025-10581
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
Severity: 8.5 | HIGH
CVE-2025-10699 - Lenovo LeCloud Client Information Disclosure Vulnerability
CVE ID : CVE-2025-10699
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
Severity: 6.0 | MEDIUM
CVE-2025-55083 - Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension()
CVE ID : CVE-2025-55083
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, an incorrect bounds check resulted in an off-by-two out-of-bounds read.
Severity: 6.9 | MEDIUM
CVE-2025-56748 - Creativeitem Academy LMS Predictable Password Reset Token Vulnerability
CVE ID : CVE-2025-56748
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.
Severity: 0.0 | NA
CVE-2025-56749 - Creativeitem Academy LMS JWT Secret Hardcoded Default Authentication Bypass
CVE ID : CVE-2025-56749
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.
Severity: 0.0 | NA
CVE-2025-6026 - Lenovo Universal Device Client Certificate Validation Weakness
CVE ID : CVE-2025-6026
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain encrypted application metadata, including device information, geolocation, and telemetry data.
Severity: 3.1 | LOW
CVE-2025-8486 - PC Manager Elevation of Privilege Vulnerability
CVE ID : CVE-2025-8486
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
Severity: 8.5 | HIGH
CVE-2025-9548 - Lenovo Power Management Driver Null Pointer Dereference Vulnerability
CVE ID : CVE-2025-9548
Published : Oct. 15, 2025, 3:16 p.m. | 57 minutes ago
Description : A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
Severity: 6.8 | MEDIUM
CVE-2025-61935 - BIG-IP Advanced WAF and ASM vulnerability
CVE ID : CVE-2025-61935
Published : Oct. 15, 2025, 3:19 p.m. | 53 minutes ago
Description : When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-58071 - BIG-IP IPSec vulnerability
CVE ID : CVE-2025-58071
Published : Oct. 15, 2025, 3:19 p.m. | 53 minutes ago
Description : When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-61933 - BIG-IP APM cross-site scripting (XSS) vulnerability
CVE ID : CVE-2025-61933
Published : Oct. 15, 2025, 3:19 p.m. | 53 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 6.1 | MEDIUM
CVE-2025-57780 - F5OS Vulnerability
CVE ID : CVE-2025-57780
Published : Oct. 15, 2025, 3:19 p.m. | 53 minutes ago
Description : A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.8 | HIGH
CVE-2025-61990 - TMM vulnerability
CVE ID : CVE-2025-61990
Published : Oct. 15, 2025, 3:19 p.m. | 53 minutes ago
Description : When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity: 8.7 | HIGH
CVE-2025-2529 - IBM Terracotta denial of service
CVE ID : CVE-2025-2529
Published : Oct. 15, 2025, 3:29 p.m. | 44 minutes ago
Description : Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
Severity: 2.9 | LOW
CVE-2025-62370 - Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing
CVE ID : CVE-2025-62370
Published : Oct. 15, 2025, 3:32 p.m. | 41 minutes ago
Description : Alloy Core is a set of libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high availability requirements such as network services may be particularly impacted. If in use, external auto-restarting mechanisms can partially mitigate the availability issues unless repeated attacks are possible. The vulnerability was patched by adding a check to ensure the element is not empty before accessing its first element; an error is returned if it is empty. The fix is included in version v1.4.1 and backported to v0.8.26.
Severity: 0.0 | NA