| | CVE-2026-41218 | F5 | high | 7.5 | 0.3%
| | When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASS… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-41217 | F5 | high | 7.9 | 0.1%
| | A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenti… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40703 | F5 | medium | 5.4 | 0.1%
| | A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuratio… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40699 | F5 | medium | 6.5 | 0.3%
| | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-pr… | May 13, 2026 | Jun 24, 2026 |
| | CVE-2026-40698 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40631 | F5 | high | 8.7 | 0.2%
| | An authenticated attacker with the Resource Administrator or Administrator role can modify configura… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40629 | F5 | high | 7.5 | 0.3%
| | When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual serv… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40618 | F5 | high | 7.5 | 0.3%
| | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel Q… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40462 | F5 | medium | 6.5 | 0.2%
| | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undiscl… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40460 | F5 | medium | 6.5 | 0.4%
| | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may b… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40435 | F5 | medium | 5.3 | 0.2%
| | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow … | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40423 | F5 | high | 7.5 | 0.3%
| | When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Mana… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40067 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40061 | F5 | high | 8.7 | 0.2%
| | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-40060 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39459 | F5 | high | 7.2 | 0.3%
| | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39458 | F5 | high | 7.5 | 0.3%
| | When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traf… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-39455 | F5 | high | 7.5 | 0.3%
| | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LD… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-35062 | F5 | medium | 6.5 | 0.2%
| | An authenticated iControl SOAP user may be able to obtain information of other accounts.
Note: Sof… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-34176 | F5 | high | 8.7 | 0.7%
| | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-34019 | F5 | medium | 5.3 | 0.3%
| | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols,… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-32673 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-32643 | F5 | high | 8.7 | 0.2%
| | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-28758 | F5 | medium | 4.4 | 0.1%
| | When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST co… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-24464 | F5 | medium | 6.8 | 0.9%
| | When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iContro… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-20916 | F5 | high | 8.1 | 0.4%
| | An authenticated iControl REST user with low privileges can create or modify arbitrary files through… | May 13, 2026 | Jun 29, 2026 |
| | CVE-2026-44572 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in Next.js. An external client could exploit this vulnerability by sending a x-next… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-44664 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in fast-xml-builder. The software, which builds XML from JSON, incorrectly sanitize… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-44665 | Red Hat | medium | 6.1 | 0.0%
| | A flaw was found in fast-xml-builder, a software component used to create XML documents from JSON da… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-44431 | Red Hat | medium | 5.9 | 0.0%
| | A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `Pr… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-44432 | Red Hat | high | 7.5 | 0.0%
| ✓ Fix | A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote a… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42934 | Red Hat | medium | 4.8 | 0.0%
| | A flaw was found in the ngx_http_charset_module module of NGINX. When charset, source_charset, chars… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-40701 | Red Hat | medium | 4.8 | 0.0%
| | A flaw was found in the ngx_http_ssl_module module of NGINX. When the ssl_verify_client directive is… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-42945 | F5 | high | 8.1 | 61.5%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 13, 2026 | Jul 2, 2026 |
| | CVE-2026-42930 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42406 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42058 | F5 | medium | 4.3 | — | | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42924 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42919 | F5 | medium | 6.7 | — | | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41957 | F5 | high | 8.8 | — | | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-46300 | Red Hat | high | 7.8 | 0.0%
| ✓ Fix | In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: preserve shared-fra… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-7168 | Red Hat | medium | 5.3 | 0.1%
| ✓ Fix | A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authent… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-2725 | Red Hat | medium | 6.5 | 0.0%
| | A flaw was found in Gerrit. An authenticated attacker with force push permissions on a secondary bra… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43481 | Red Hat | medium | 6.4 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
net-shapers: don't free reply sk… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43478 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's ASoC rt1011 codec component. An incorrect helper function use… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43480 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel, specifically within the ASoC AMD audio driver. This vulnerabil… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43483 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically wi… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43482 | Red Hat | medium | — | 0.0%
| | A flaw was found in the Linux kernel's sched_ext component. If a task is preempted between the scx_c… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43484 | Red Hat | low | 5.5 | 0.0%
| | A flaw was found in the Linux kernel's MultiMediaCard (MMC) core. Concurrent updates to bitfield fla… | May 13, 2026 | May 13, 2026 |
| | CVE-2026-43488 | Red Hat | low | 5.5 | 0.0%
| | In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Prevent interrupt sto… | May 13, 2026 | May 13, 2026 |