| | CVE-2026-42945 |  F5 | high | 8.1 | — | | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vu… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42930 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be a… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42406 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42058 | F5 | medium | 4.3 | — | | An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information … | May 13, 2026 | May 14, 2026 |
| | CVE-2026-32643 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-32673 | F5 | medium | 6.5 | — | | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-34176 | F5 | high | 8.7 | — | | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41225 | F5 | high | 7.2 | — | | A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at le… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-39459 | F5 | high | 7.2 | — | | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authent… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41953 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at l… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40631 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can modify configura… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40698 | F5 | high | 8.7 | — | | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacke… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42924 | F5 | high | 8.7 | — | | An authenticated attacker with the Resource Administrator or Administrator role can create SNMP conf… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-40061 | F5 | medium | 6.5 | — | | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TM… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-42919 | F5 | medium | 6.7 | — | | A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrativ… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-41957 | F5 | high | 8.8 | — | | An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-I… | May 13, 2026 | May 14, 2026 |
| | CVE-2026-32647 | F5 | high | 7.8 | 0.0%
| | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might… | Mar 24, 2026 | Mar 26, 2026 |
| | CVE-2026-28755 | F5 | medium | 5.4 | 0.0%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the… | Mar 24, 2026 | Mar 26, 2026 |
| | CVE-2026-28753 | F5 | low | 3.7 | 0.0%
| | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the … | Mar 24, 2026 | Mar 26, 2026 |
| | CVE-2026-27784 | F5 | high | 7.8 | 0.0%
| | The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module… | Mar 24, 2026 | Mar 30, 2026 |
| | CVE-2026-27654 | F5 | high | 8.2 | 0.0%
| | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might a… | Mar 24, 2026 | Mar 26, 2026 |
| | CVE-2026-27651 | F5 | high | 7.5 | 0.0%
| | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed… | Mar 24, 2026 | Mar 30, 2026 |
| | CVE-2026-1776 | F5 | medium | — | 0.1%
| | Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulne… | Mar 10, 2026 | Mar 11, 2026 |
| | CVE-2026-2507 | F5 | high | 7.5 | 0.1%
| | When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can cause TMM to terminate. Note… | Feb 18, 2026 | Feb 18, 2026 |
| | CVE-2026-22549 | F5 | medium | 4.9 | 0.1%
| | A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions … | Feb 4, 2026 | Feb 13, 2026 |
| | CVE-2026-22548 | F5 | medium | 5.9 | 0.1%
| | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed req… | Feb 4, 2026 | Feb 13, 2026 |
| | CVE-2026-20732 | F5 | low | 3.1 | 0.1%
| | A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacke… | Feb 4, 2026 | Feb 13, 2026 |
| | CVE-2026-20730 | F5 | low | 3.3 | 0.0%
| | A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attac… | Feb 4, 2026 | Feb 13, 2026 |
| | CVE-2025-14727 | F5 | high | 8.3 | 0.2%
| | A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation.… | Dec 17, 2025 | Jan 8, 2026 |
| | CVE-2025-61958 | F5 | high | 8.7 | 0.0%
| | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-59481 | F5 | high | 8.7 | 0.0%
| | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-58424 | F5 | medium | 5.3 | 0.0%
| | On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification … | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-58153 | F5 | medium | 5.9 | 0.0%
| | Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware s… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-54755 | F5 | medium | 4.9 | 0.2%
| | A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated att… | Oct 15, 2025 | Jan 27, 2026 |
| | CVE-2025-53868 | F5 | high | 8.7 | 0.0%
| | When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SF… | Oct 15, 2025 | Feb 4, 2026 |
| | CVE-2025-53521 | F5 | critical | 9.8 | 19.9%
| ⚠ KEV | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can le… | Oct 15, 2025 | Mar 31, 2026 |
| | CVE-2025-54500 | F5 | medium | 5.3 | 0.1%
| | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control fr… | Aug 13, 2025 | Feb 4, 2026 |
| | CVE-2025-24319 | F5 | medium | 6.5 | 0.3%
| | When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager… | Feb 5, 2025 | Feb 4, 2026 |
| | CVE-2025-23419 | F5 | medium | 4.3 | 0.6%
| | When multiple server blocks are configured to share the same IP address and port, an attacker can us… | Feb 5, 2025 | Jan 27, 2026 |
| | CVE-2025-23239 | F5 | high | 8.7 | 0.4%
| | When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote co… | Feb 5, 2025 | Feb 4, 2026 |
| | CVE-2024-32761 | F5 | medium | 6.5 | 0.3%
| | Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG… | May 8, 2024 | Feb 4, 2026 |
| | CVE-2023-29240 | F5 | medium | 5.4 | 0.1%
| | An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files us… | May 3, 2023 | Jan 27, 2026 |
| | CVE-2019-5436 | F5 | high | 7.8 | 13.3%
| | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libc… | May 28, 2019 | Apr 15, 2026 |
| | CVE-2018-14634 | F5 | high | 7.8 | 25.7%
| ⚠ KEV | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileg… | Sep 25, 2018 | Jan 27, 2026 |
| | CVE-2017-6167 | F5 | high | 7.5 | 0.3%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software vers… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6164 | F5 | high | 8.1 | 2.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6151 | F5 | high | 7.5 | 0.5%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAc… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6140 | F5 | high | 7.5 | 0.6%
| | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 445… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6139 | F5 | medium | 5.9 | 0.4%
| | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system ap… | Dec 21, 2017 | May 13, 2026 |
| | CVE-2017-6138 | F5 | high | 7.5 | 0.7%
| | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software… | Dec 21, 2017 | May 13, 2026 |