f5
1,031 tracked vulnerabilities.
CVE-2026-39458
HIGH
F5 BIG-IP DNS Cache - TMM Denial of Service
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39455
HIGH
BIG-IP 21.1.0+ 21.0.0-21.0.0.1 17.5.0-17.5.1.5 17.1.0-17.1.3.1 16.1.0 - Denial of Service via LDAP Authentication
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-35062
MEDIUM
F5 BIG-IP 21.1.0-21.0.0.1/17.5.1-17.5.1.4/17.1.0-17.1.3.1/16.1.0 Authenticated Info Disclosure via iControl SOAP
May 13, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34176
HIGH
F5 BIG-IP 16.1.0-21.1.0 - Authenticated Remote Command Injection via iControl REST Endpoint
May 13, 2026
CVSS 8.7
EPSS 0.01
CVE-2026-34019
MEDIUM
F5 BIG-IP BFD - Routing Protocol Denial of Service
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32673
HIGH
F5 BIG-IP 16.1.0-21.1.0 - Authenticated Privilege Escalation via Scripted Monitors
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-32643
HIGH
F5 BIG-IP/BIG-IQ - Authenticated Command Execution
May 13, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-28758
MEDIUM
BIG-IP - Cleartext Storage of Sensitive Information in iControl REST Response and Audit Log
May 13, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-24464
MEDIUM
F5 BIG-IP 16.1.0-21.0.0, 21.1.0-21.1.0 - Authenticated Path Traversal via iControl REST Endpoint
May 13, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-20916
HIGH
BIG-IQ 8.4.0 - Authenticated Arbitrary File Write via iControl REST Endpoint
May 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32647
HIGH
NGINX ngx_http_mp4_module vulnerability
Mar 24, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-28755
MEDIUM
NGINX ngx_stream_ssl_module vulnerability
Mar 24, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28753
LOW
NGINX ngx_mail_proxy_module vulnerability
Mar 24, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-27784
HIGH
NGINX ngx_http_mp4_module vulnerability
Mar 24, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-27654
HIGH
NGINX ngx_http_dav_module vulnerability
Mar 24, 2026
CVSS 8.2
EPSS 0.22
CVE-2026-27651
HIGH
NGINX ngx_mail_auth_http_module vulnerability
Mar 24, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2507
HIGH
F5 BIG-IP - Denial of Service via Undisclosed Traffic
Feb 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22549
MEDIUM
F5 BIG-IP Container Ingress Services 1.0.0-1.13.9 - Unauthenticated Excessive Privilege Assignment
Feb 04, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-22548
MEDIUM
F5 BIG-IP Advanced WAF and ASM 17.1.0-17.1.2 - Denial of Service via bd Process Termination
Feb 04, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-20732
LOW
F5 BIG-IP 16.1.0-16.1.6 - User Interface Misrepresentation of Critical Information
Feb 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-20730
LOW
BIG-IP Edge Client - Info Disclosure
Feb 04, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-1642
MEDIUM
NGINX OSS 1.3.0-1.28.1 & NGINX Plus r33-r34 TLS Data Authenticity Verification Bypass
Feb 04, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-14727
HIGH
F5 NGINX Ingress Controller - Path Traversal via Rewrite-Target Annotation
Dec 17, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-61990
HIGH
F5 BIG-IP 15.1.0-15.1.10.8 - Denial of Service via TMM Double Free
Oct 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61935
HIGH
F5 BIG-IP Advanced WAF and ASM 15.1.0-15.1.10.7 - Denial of Service via Undisclosed Requests
Oct 15, 2025
CVSS 7.5
EPSS 0.00
Products
big-ip_access_policy_manager 628
big-ip_application_security_manager 581
big-ip_advanced_firewall_manager 552
big-ip_local_traffic_manager 541
big-ip_policy_enforcement_manager 533
big-ip_link_controller 525
big-ip_application_acceleration_manager 524
big-ip_analytics 511
big-ip_global_traffic_manager 490
big-ip_domain_name_system 469
big-ip_fraud_protection_service 405
big-ip_webaccelerator 297
big-ip_edge_gateway 293
big-ip_advanced_web_application_firewall 195
big-ip_websafe 175
big-ip_ddos_hybrid_defender 166
big-ip_ssl_orchestrator 147
big-ip_carrier-grade_nat 109
big-ip_application_visibility_and_reporting 108
big-ip_container_ingress_services 86
big-ip_automation_toolchain 85
big-iq_centralized_management 85
big-ip_protocol_security_module 61
BIG-IP 46
nginx 42
njs 40
enterprise_manager 39
big-ip_wan_optimization_manager 38
traffix_signaling_delivery_controller 31
ssl_orchestrator 27
Quick Filters