CVE-2025-36504 – BIG-IP HTTP/2 httprouter Profile Memory Consumption Vulnerability

May 7, 2025

CVE ID : CVE-2025-36504

Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago

Description : When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36525 – BIG-IP APM PingAccess Profile Request Termination Vulnerability

Next Article CVE-2025-35995 – BIG-IP PEM Denial of Service Vulnerability

Highlights

CVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

May 30, 2025

CVE ID : CVE-2025-5236

Published : May 30, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-36504 – BIG-IP HTTP/2 httprouter Profile Memory Consumption Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Report shows overinflated opinion of infrastructure automation excellence

CVE-2025-5543 – TOTOLINK X2000R Cross-Site Scripting Vulnerability in Parent Controls Page

Design Patterns in Angular

CVE-2025-37892 – Linux Kernel MTD INFTL Buffer Overflow

CVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

Call of Duty’s anticheat team are going after Cronus users, and they intend to win

CVE-2025-2156 – Red Hat Linux Kernel Uninitialized Memory Access

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

CVE-2025-36504 – BIG-IP HTTP/2 httprouter Profile Memory Consumption Vulnerability

Related Posts