f5

1,024 tracked vulnerabilities.

CVE-2026-28758 MEDIUM
BIG-IP - Cleartext Storage of Sensitive Information in iControl REST Response and Audit Log
May 13, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-24464 MEDIUM
F5 BIG-IP 16.1.0-21.0.0, 21.1.0-21.1.0 - Authenticated Path Traversal via iControl REST Endpoint
May 13, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-20916 HIGH
BIG-IQ 8.4.0 - Authenticated Arbitrary File Write via iControl REST Endpoint
May 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32647 HIGH
NGINX ngx_http_mp4_module vulnerability
Mar 24, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-28755 MEDIUM
NGINX ngx_stream_ssl_module vulnerability
Mar 24, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28753 LOW
NGINX ngx_mail_proxy_module vulnerability
Mar 24, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-27784 HIGH
NGINX ngx_http_mp4_module vulnerability
Mar 24, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27654 HIGH
NGINX ngx_http_dav_module vulnerability
Mar 24, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-27651 HIGH
NGINX ngx_mail_auth_http_module vulnerability
Mar 24, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2507 HIGH
F5 BIG-IP - Denial of Service via Undisclosed Traffic
Feb 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22549 MEDIUM
F5 BIG-IP Container Ingress Services 1.0.0-1.13.9 - Unauthenticated Excessive Privilege Assignment
Feb 04, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-22548 MEDIUM
F5 BIG-IP Advanced WAF and ASM 17.1.0-17.1.2 - Denial of Service via bd Process Termination
Feb 04, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-20732 LOW
F5 BIG-IP 16.1.0-16.1.6 - User Interface Misrepresentation of Critical Information
Feb 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-20730 LOW
BIG-IP Edge Client - Info Disclosure
Feb 04, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-1642 MEDIUM
NGINX OSS 1.3.0-1.28.1 & NGINX Plus r33-r34 TLS Data Authenticity Verification Bypass
Feb 04, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-14727 HIGH
F5 NGINX Ingress Controller - Path Traversal via Rewrite-Target Annotation
Dec 17, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-61990 HIGH
F5 BIG-IP 15.1.0-15.1.10.8 - Denial of Service via TMM Double Free
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61935 HIGH
F5 BIG-IP Advanced WAF and ASM 15.1.0-15.1.10.7 - Denial of Service via Undisclosed Requests
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61933 MEDIUM
F5 BIG-IP Access Policy Manager 15.1.0-15.1.10.7 - Reflected Cross-Site Scripting
Oct 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58071 HIGH
F5 BIG-IP 15.1.0-15.1.10.8 - Denial of Service via IPsec Traffic
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57780 HIGH
F5OS-A F5OS-C - Privilege Escalation
Oct 15, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-53860 MEDIUM
F5OS-A 1.5.1-1.5.3 - Authenticated Sensitive Information Exposure via FIPS HSM Access
Oct 15, 2025
CVSS 4.1
EPSS 0.00
CVE-2025-61974 HIGH
F5 BIG-IP Next 1.1.0-1.4.1 & Service Proxy for Kubernetes 1.7.0-1.9.2 Memory Leak via Client SSL Profile
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61960 HIGH
BIG-IP APM 16.1.0-16.1.6.1 - Denial of Service via Per-Request Policy
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61958 HIGH
F5 BIG-IP 15.1.0-15.1.10.8 - Authenticated Privilege Escalation via iHealth Command
Oct 15, 2025
CVSS 8.7
EPSS 0.00
Products
big-ip_access_policy_manager 589 big-ip_application_security_manager 541 big-ip_advanced_firewall_manager 514 big-ip_local_traffic_manager 503 big-ip_policy_enforcement_manager 495 big-ip_link_controller 487 big-ip_application_acceleration_manager 486 big-ip_analytics 473 big-ip_global_traffic_manager 452 big-ip_domain_name_system 429 big-ip_fraud_protection_service 367 big-ip_webaccelerator 259 big-ip_edge_gateway 255 big-ip_advanced_web_application_firewall 155 big-ip_websafe 137 big-ip_ddos_hybrid_defender 127 big-ip_ssl_orchestrator 108 big-iq_centralized_management 77 big-ip_carrier-grade_nat 71 big-ip_application_visibility_and_reporting 70 big-ip_protocol_security_module 61 big-ip_container_ingress_services 48 big-ip_automation_toolchain 47 BIG-IP 46 nginx 41 enterprise_manager 39 njs 39 big-ip_wan_optimization_manager 38 traffix_signaling_delivery_controller 31 ssl_orchestrator 27
Quick Filters
Critical CVEs With Exploits In CISA KEV