f5

1,024 tracked vulnerabilities.

CVE-2025-36504 HIGH
F5 BIG-IP 16.1.0-16.1.5 - Memory Exhaustion via HTTP/2 httprouter Profile
May 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-35995 HIGH
BIG-IP Policy Enforcement Manager 15.1.0-15.1.10.7.0.4.5 - Out-of-bounds Read via URL Categorization Policy
May 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-31644 HIGH
BIG-IP TMOS Shell - Command Injection
May 07, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-1695 MEDIUM
NGINX Unit 1.29.1-1.34.1 - Denial of Service via Java Language Module Infinite Loop
Mar 04, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-24497 HIGH
F5 BIG-IP Policy Enforcement Manager 17.1.0-17.1.1 - Denial of Service via URL Categorization
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24326 HIGH
F5 BIG-IP ASM 15.1.0-15.1.10.6.0.11.6 - Out-of-bounds Write via TLS Signatures
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24320 HIGH
BIG-IP 15.1.0-15.1.10.6 - Stored Cross-Site Scripting in Configuration Utility
Feb 05, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-24319 MEDIUM
F5 BIG-IP Next Central Manager 20.2.0-20.2.x - Denial of Service via API Request
Feb 05, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-24312 HIGH
F5 Big-ip Advanced Firewall Manager < 15.1.10.6.0.11.6 - Resource Allocation Without Limits
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23419 MEDIUM
F5 NGINX 1.11.4-1.26.2 and NGINX Plus R28-R31 - Incorrect Authorization via TLS Session Resumption
Feb 05, 2025
CVSS 4.3
EPSS 0.03
CVE-2025-23415 LOW
F5 BIG-IP APM 15.1.0-15.1.10.6.0.11.6 - Insufficient Verification of Data Authenticity in VPN Endpoint Inspection
Feb 05, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-23413 MEDIUM
F5 BIG-IP Next Central Manager 20.2.0-20.2.x - Sensitive Information Disclosure in pgaudit Log Files
Feb 05, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-23412 HIGH
F5 BIG-IP Access Policy Manager 16.1.3-16.1.5 - Denial of Service via Undisclosed Request
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-23239 HIGH
F5 BIG-IP - Authenticated Remote Command Injection via iControl REST Endpoint
Feb 05, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-22891 HIGH
BIG-IP Policy Enforcement Manager 15.1.0-15.1.10.6.0.11.6 - Denial of Service via Diameter Endpoint Profile
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-22846 HIGH
F5 BIG-IP Next Service Proxy for Kubernetes 1.7.0-1.7.6 - Denial of Service via SIP Session and Router ALG Profiles
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-21091 HIGH
BIG-IP 15.1.0-15.1.10 - Memory Leak via SNMP Requests
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-21087 HIGH
F5 BIG-IP 15.1.0-15.1.9 - Uncontrolled Resource Consumption via SSL Profile or DNSSEC Operations
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-20058 HIGH
F5 BIG-IP 15.1.0-15.1.10 - Uncontrolled Resource Consumption via Message Routing Profile
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-20045 HIGH
F5 BIG-IP 15.1.0-15.1.10 - Denial of Service via SIP ALG Passthru Mode
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-20029 HIGH
F5 BIG-IP 15.1.0-15.1.10.6 - Authenticated OS Command Injection via iControl REST and TMOS Shell Save Command
Feb 05, 2025
CVSS 8.8
EPSS 0.66
CVE-2024-10318 MEDIUM
NGINX OpenID Connect - Session Fixation
Nov 06, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-47139 MEDIUM
BIG-IQ Centralized Management - Authenticated Stored Cross-Site Scripting in Configuration Utility
Oct 16, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-45844 HIGH
F5 BIG-IP 15.1.0-15.1.10.5 - Unauthenticated Access Control Bypass via Monitor Functionality
Oct 16, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-7634 MEDIUM
F5 NGINX Agent 2.17.0-2.36.9 and NGINX Instance Manager 2.3.1-2.17.1 - Path Traversal via Config Dirs Restriction Bypass
Aug 22, 2024
CVSS 4.9
EPSS 0.01
Products
big-ip_access_policy_manager 589 big-ip_application_security_manager 541 big-ip_advanced_firewall_manager 514 big-ip_local_traffic_manager 503 big-ip_policy_enforcement_manager 495 big-ip_link_controller 487 big-ip_application_acceleration_manager 486 big-ip_analytics 473 big-ip_global_traffic_manager 452 big-ip_domain_name_system 429 big-ip_fraud_protection_service 367 big-ip_webaccelerator 259 big-ip_edge_gateway 255 big-ip_advanced_web_application_firewall 155 big-ip_websafe 137 big-ip_ddos_hybrid_defender 127 big-ip_ssl_orchestrator 108 big-iq_centralized_management 77 big-ip_carrier-grade_nat 71 big-ip_application_visibility_and_reporting 70 big-ip_protocol_security_module 61 big-ip_container_ingress_services 48 big-ip_automation_toolchain 47 BIG-IP 46 nginx 41 enterprise_manager 39 njs 39 big-ip_wan_optimization_manager 38 traffix_signaling_delivery_controller 31 ssl_orchestrator 27
Quick Filters
Critical CVEs With Exploits In CISA KEV