π¨ CVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP SCP and SFTP vulnerability CVE-2025-53868
Security Advisory Description When running in Appliance mode, a highly privileged authenticated attacker with access to Secure Copy (SCP) protocol and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands. (CVE-2025-53868) Impactβ¦
π¨ CVE-2025-54479
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP PEM vulnerability CVE-2025-54479
Security Advisory Description When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-54479) Impact Traffic is disruptedβ¦
π¨ CVE-2025-54755
A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP Configuration utility vulnerability CVE-2025-54755
Security Advisory Description A directory traversal vulnerability exists in the BIG-IP Configuration utility that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. (CVE-2025-54755) Impact A highlyβ¦
π¨ CVE-2025-54854
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP APM vulnerability CVE-2025-54854
Security Advisory Description When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. (CVE-2025-54854) Impact Traffic is disrupted while theβ¦
π¨ CVE-2025-58096
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP TMM vulnerability CVE-2025-58096
Security Advisory Description When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2025-58096) Impactβ¦
π¨ CVE-2025-59268
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP Configuration utility vulnerability CVE-2025-59268
Security Advisory Description On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility. (CVE-2025-59268) Impact This vulnerability mayβ¦
π¨ CVE-2025-59269
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP Configuration utility XSS vulnerability CVE-2025-59269
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. (CVE-2025-59269) Impactβ¦
π¨ CVE-2025-59481
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP iControl REST and tmsh vulnerability CVE-2025-59481
Security Advisory Description A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least the resource administrator role to execute arbitrary system commands with higherβ¦
π¨ CVE-2025-59483
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
π@cveNotify
F5
BIG-IP Configuration utility vulnerability CVE-2025-59483
Security Advisory Description An arbitrary file upload vulnerability exists in an undisclosed URL in the Configuration utility. (CVE-2025-59483) Impact A highly privileged authenticated attacker may be able to exploit this vulnerability to upload arbitraryβ¦
π¨ CVE-2025-58132
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
π@cveNotify
Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
π@cveNotify
Zoom
ZSB-25038
π¨ CVE-2025-58133
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
π@cveNotify
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
π@cveNotify
Zoom
ZSB-25039
π¨ CVE-2024-56143
Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset tokens, by crafting queries with the lookup parameter. This vulnerability is fixed in 5.5.2.
π@cveNotify
Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset tokens, by crafting queries with the lookup parameter. This vulnerability is fixed in 5.5.2.
π@cveNotify
GitHub
fix: remove lookup param from doc service Β· strapi/strapi@0c6e095
π Strapi is the leading open-source headless CMS. Itβs 100% JavaScript/TypeScript, fully customizable, and developer-first. - fix: remove lookup param from doc service Β· strapi/strapi@0c6e095
π¨ CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
π@cveNotify
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
π@cveNotify
π¨ CVE-2004-0210
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
π@cveNotify
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
π@cveNotify
www.kb.cert.org
CERT/CC Vulnerability Note VU#647436
Microsoft Windows contains a buffer overflow in the POSIX subsystem
π¨ CVE-2004-1464
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
π@cveNotify
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
π@cveNotify
Flexera
Secunia Research
Flexera provides software licensing management, software compliance, installation and application packaging solutions to developers and their customers.
π¨ CVE-2005-2773
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
π@cveNotify
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
π@cveNotify
π¨ CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
π@cveNotify
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
π@cveNotify
π¨ CVE-2006-2492
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
π@cveNotify
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
π@cveNotify
Microsoft
Microsoft Learn: Build skills that open doors in your career
Gain technical skills through documentation and training, earn certifications and connect with the community
π¨ CVE-2007-0671
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
π@cveNotify
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
π@cveNotify
π¨ CVE-2007-3010
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
π@cveNotify
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
π@cveNotify
π¨ CVE-2008-0655
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
π@cveNotify
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
π@cveNotify