Skip to main content
CVE-2025-24320 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
5.1
EPSS
0.9%
CVE-2025-20058 HIGH This Month

When a BIG-IP message routing profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +17
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2025-20045 HIGH This Month

When SIP session Application Level Gateway mode (ALG) profile with Passthru Mode enabled and SIP router ALG profile are configured on a Message Routing type virtual server, undisclosed traffic can. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall +18
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2025-20179 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-20124 CRITICAL POC CERT-EU Act Now

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Deserialization Java Identity Services Engine
NVD Exploit-DB
CVSS 3.1
9.9
EPSS
8.3%
CVE-2024-42207 MEDIUM This Month

HCL iAutomate is affected by a session fixation vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Session Fixation Dryice Iautomate
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-39564 HIGH This Month

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2024-9097 LOW Monitor

ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Manageengine Endpoint Central
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-5528 LOW POC Monitor

An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-0725 HIGH POC PATCH This Month

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Hci Baseboard Management Controller Hci H610S Firmware Hci H610C Firmware Hci H615C Firmware +6
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-0167 LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software Ontap Ontap Select Deploy Administration Utility +13
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2024-6356 MEDIUM POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-53966 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
2.3%
CVE-2024-53962 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
1.5%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy