6.9
CVE-2025-59980 - Junos OS: When a user with the name ftp or anonymous is configured unauthenticated filesystem acces…
An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can l…
9.4
CVE-2025-59978 - Junos Space: Stored cross-site scripting vulnerability in web application
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administra…
7.1
CVE-2025-59976 - Junos Space: Arbitrary file download vulnerability in web interface
An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker can gain access to files beyond the file pat…
8.7
CVE-2025-59975 - Junos Space: Flooding device with inbound API calls leads to WebUI and CLI management access DoS
An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a Denial of Service (DoS). After continuously…
9.3
CVE-2025-59974 - Junos Space Security Director: Persistent Cross-Site Scripting (XSS) vulnerability
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access aff…
7.7
CVE-2025-59968 - Junos Space Security Director: Insufficient authorization for sensitive resources in web interface
A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Series devices permitting network traffic that s…
7.1
CVE-2025-59967 - Junos OS Evolved: ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509: When specific val…
A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). Whenever specific val…
8.7
CVE-2025-59964 - Junos OS: SRX4700: When forwarding-options sampling is enabled any traffic destined to the RE will …
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is enabled, receipt of any traffic destined to …
9.6
CVE-2025-10284 - Improper Archive Extraction in unarchive Enables RCE
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.
9.6
CVE-2025-10283 - Improper .git Sanitization in gitdumper Enables RCE
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.