Skip to main content
CVE-2025-20029 HIGH Act Now

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authenticated attackers can inject system commands through crafted save operations, executing arbitrary code on the BIG-IP appliance which typically handles load balancing and SSL termination for critical application infrastructure.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.7
EPSS
66.2%
CVE-2020-36084 CRITICAL POC Act Now

SQL Injection vulnerability in SourceCodester Responsive E-Learning System 1.0 allows remote attackers to inject sql query in /elearning/delete_teacher_students.php?id= parameter via id field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Responsive E Learning System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-20125 CRITICAL POC CERT-EU Act Now

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cisco Identity Services Engine
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
2.1%
CVE-2025-1025 HIGH POC PATCH This Week

Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 4.0
7.7
EPSS
4.9%
CVE-2025-0665 HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free Bootstrap Os H410c Firmware +8
NVD VulDB
CVSS 3.1
7.0
EPSS
6.4%
CVE-2024-9631 HIGH POC This Week

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-57598 MEDIUM POC This Month

A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-57077 CRITICAL Act Now

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-25246 HIGH This Week

NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Netgear Code Injection
NVD
CVSS 3.1
8.1
EPSS
5.0%
CVE-2025-23114 CRITICAL Act Now

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE
NVD
CVSS 3.0
9.0
EPSS
0.4%
CVE-2025-21087 HIGH This Week

When Client or Server SSL profiles are configured on a Virtual Server, or DNSSEC signing operations are in use, undisclosed traffic can cause an increase in memory and CPU resource utilization. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.9
EPSS
0.4%
CVE-2025-1028 HIGH This Week

The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.1
EPSS
4.4%
CVE-2025-21091 HIGH This Week

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-22891 HIGH PATCH This Week

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Policy Enforcement Manager Suse
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-23412 HIGH This Week

When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-24312 HIGH This Week

When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Firewall Manager Big Ip Next Cloud Native Network Functions
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-22846 HIGH This Week

When SIP Session and Router ALG profiles are configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Next Service Proxy For Kubernetes Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +8
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-23239 HIGH This Week

When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-56135 HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-56131 HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-2878 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-56132 HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-56134 HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-56133 HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-0413 HIGH This Week

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Remote Application Server Parallels
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-1022 HIGH PATCH This Week

Information disclosure in spatie/browsershot (PHP library) allows remote unauthenticated attackers to read arbitrary local files through file URI scheme bypass in HTML rendering. Versions before 5.0.5 fail to validate file:// URI schemes in the setHtml function, enabling access to sensitive files like /etc/passwd via crafted file: URIs without slashes. Publicly available exploit code exists (EPSS 0.18%), patch confirmed in version 5.0.5 via vendor commits bcfd608 and e327397.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.2%
CVE-2024-48394 HIGH This Week

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20175 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2025-20174 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2025-20170 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2025-20169 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2025-20176 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-20173 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-20172 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe Ios Xr
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-20171 HIGH This Week

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Cisco Ios Xe
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2024-57063 HIGH This Week

A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-57085 HIGH PATCH This Week

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57074 HIGH This Week

A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-57064 HIGH This Week

A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57078 HIGH This Week

A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57067 HIGH This Week

A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57079 HIGH PATCH This Week

A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57086 HIGH PATCH This Week

A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57084 HIGH This Week

A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57080 HIGH This Week

A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57071 HIGH This Week

A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57069 HIGH This Week

A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57066 HIGH This Week

A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57068 HIGH PATCH This Week

A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57072 HIGH This Week

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy