Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
- Total: 10307
- Critical: 705
- High: 2965
- Medium: 3260
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-40435 | MEDIUM | 5.3 | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached … | May 13, 2026 |
| CVE-2026-40423 | HIGH | 7.5 | When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which … | May 13, 2026 |
| CVE-2026-40067 | HIGH | 7.5 | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which … | May 13, 2026 |
| CVE-2026-40061 | HIGH | 8.7 | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker … | May 13, 2026 |
| CVE-2026-40060 | HIGH | 7.5 | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: … | May 13, 2026 |
| CVE-2026-39459 | HIGH | 7.2 | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create … | May 13, 2026 |
| CVE-2026-39458 | HIGH | 7.5 | When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to … | May 13, 2026 |
| CVE-2026-39455 | HIGH | 7.5 | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the … | May 13, 2026 |
| CVE-2026-36742 | UNKNOWN | — | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). | May 13, 2026 |
| CVE-2026-36741 | UNKNOWN | — | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied … | May 13, 2026 |
| CVE-2026-36738 | UNKNOWN | — | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or … | May 13, 2026 |
| CVE-2026-35062 | MEDIUM | 6.5 | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) … | May 13, 2026 |
| CVE-2026-34176 | HIGH | 8.7 | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker … | May 13, 2026 |
| CVE-2026-34019 | MEDIUM | 5.3 | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing … | May 13, 2026 |
| CVE-2026-32673 | HIGH | 8.7 | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands … | May 13, 2026 |
| CVE-2026-32643 | HIGH | 8.7 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects … | May 13, 2026 |
| CVE-2026-31156 | UNKNOWN | — | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path … | May 13, 2026 |
| CVE-2026-28758 | MEDIUM | 4.4 | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the … | May 13, 2026 |
| CVE-2026-24464 | MEDIUM | 6.8 | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role … | May 13, 2026 |
| CVE-2026-20916 | HIGH | 8.1 | An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: … | May 13, 2026 |
| CVE-2025-32425 | UNKNOWN | — | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process … | May 13, 2026 |
| CVE-2025-29338 | UNKNOWN | — | NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param … | May 13, 2026 |
| CVE-2025-28344 | UNKNOWN | — | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. | May 13, 2026 |
| CVE-2025-28343 | UNKNOWN | — | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. | May 13, 2026 |
| CVE-2024-55045 | UNKNOWN | — | Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c. | May 13, 2026 |