Security Vulnerabilities
A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
4.9
EPSS Score
0.001
Published
2026-02-04
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-04
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.0
Published
2026-02-04
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
3.3
EPSS Score
0.0
Published
2026-02-04
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
3.1
EPSS Score
0.001
Published
2026-02-04
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.9
EPSS Score
0.001
Published
2026-02-04
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-02-04
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-04
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.7.1.
An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or sensitive information.
Users are recommended to upgrade to version 2.0.0, which fixes the issue.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-04
This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVSS Score
10.0
EPSS Score
0.001
Published
2026-02-04