8.7
CVE-2025-46265 - F5OS vulnerability
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles.ย Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.3
CVE-2025-43878 - F5OS-A/C CLI vulnerability
When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system.ย Note: Software versions which have reached End of Techโฆ
9.2
CVE-2025-36546 - F5OS Appliance Mode vulnerability
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH priโฆ
8.7
CVE-2025-36557 - BIG-IP HTTP vulnerability
When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.ย Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
8.7
CVE-2025-41399 - SCTP Vulnerability
When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.ย Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
5.1
CVE-2023-7303 - q2apro q2apro-on-site-notifications q2apro-onsitenotifications-page.php process_request cross site โฆ
A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remoteโฆ
1.3
CVE-2025-46826 - insa-auth Open-Redirect on provided CAS server login endpoint
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impโฆ
5.3
CVE-2025-46821 - Envoy vulnerable to bypass of RBAC uri_template permission
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI templatโฆ
6.1
CVE-2025-4043 - Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
8.5
CVE-2025-3925 - BrightSign Players Execution with Unnecessary Privileges
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.