CVE Alert: CVE-2025-61938 – F5 – BIG-IP
CVE-2025-61938 HIGHNo exploitation known When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than...
Vulnerabilities
CVE Alert: CVE-2025-58120 – F5 – BIG-IP Next SPK
CVE-2025-58120 HIGHNo exploitation known When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note:...
CVE Alert: CVE-2025-55669 – F5 – BIG-IP
CVE-2025-55669 HIGHNo exploitation known When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured...
CVE Alert: CVE-2025-59478 – F5 – BIG-IP
CVE-2025-59478 HIGHNo exploitation known When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests...
CVE Alert: CVE-2025-58096 – F5 – BIG-IP
CVE-2025-58096 HIGHNo exploitation known When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can...
CVE Alert: CVE-2025-55036 – F5 – BIG-IP
CVE-2025-55036 HIGHNo exploitation known When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy...
CVE Alert: CVE-2025-53868 – F5 – BIG-IP
CVE-2025-53868 HIGHNo exploitation known When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP...
CVE Alert: CVE-2025-54858 – F5 – BIG-IP
CVE-2025-54858 HIGHNo exploitation known When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content...
CVE Alert: CVE-2025-54854 – F5 – BIG-IP
CVE-2025-54854 HIGHNo exploitation known When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a...
CVE Alert: CVE-2025-54479 – F5 – BIG-IP
CVE-2025-54479 HIGHNo exploitation known When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile,...
CVE Alert: CVE-2025-53521 – F5 – BIG-IP
CVE-2025-53521 HIGHNo exploitation known When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause...
CVE Alert: CVE-2025-53856 – F5 – BIG-IP
CVE-2025-53856 HIGHNo exploitation known When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object...
CVE Alert: CVE-2025-48008 – F5 – BIG-IP
CVE-2025-48008 HIGHNo exploitation known When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed...
CVE Alert: CVE-2025-53474 – F5 – BIG-IP
CVE-2025-53474 HIGHNo exploitation known When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause...
CVE Alert: CVE-2025-46706 – F5 – BIG-IP
CVE-2025-46706 HIGHNo exploitation known When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can...
CVE Alert: CVE-2025-11722 – ikhodal – Woocommerce Category and Products Accordion Panel
CVE-2025-11722 HIGHNo exploitation known The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion...
CVE Alert: CVE-2025-10743 – maycorolbuche1 – Outdoor
CVE-2025-10743 HIGHNo exploitation known The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all...
CVE Alert: CVE-2025-41430 – F5 – BIG-IP
CVE-2025-41430 HIGHNo exploitation known When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to...
CVE Alert: CVE-2025-10754 – geolocationtechnology – DocoDoco Store Locator
CVE-2025-10754 HIGHNo exploitation known The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
CVE Alert: CVE-2025-11177 – tbenyon – External Login
CVE-2025-11177 HIGHNo exploitation known The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in...
CVE Alert: CVE-2025-10051 – themeinwp – Demo Import Kit
CVE-2025-10051 HIGHNo exploitation known The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing...
CVE Alert: CVE-2025-10299 – hakik – WPBifröst – Instant Passwordless Temporary Login Links
CVE-2025-10299 HIGHNo exploitation known The WPBifröst – Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation...
CVE Alert: CVE-2025-10293 – nexist – Keyy Two Factor Authentication (like Clef)
CVE-2025-10293 HIGHNo exploitation known The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via...
CVE Alert: CVE-2025-10313 – jankimoradiya – Find And Replace content for WordPress
CVE-2025-10313 HIGHNo exploitation known The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site...
