Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41217 | HIGH | 7.9 | A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute … | May 13, 2026 |
| CVE-2026-40703 | MEDIUM | 5.4 | A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support … | May 13, 2026 |
| CVE-2026-40701 | MEDIUM | 4.8 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the … | May 13, 2026 |
| CVE-2026-40699 | MEDIUM | 6.5 | A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. Note: … | May 13, 2026 |
| CVE-2026-40698 | HIGH | 8.7 | A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration … | May 13, 2026 |
| CVE-2026-40631 | HIGH | 8.7 | An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which … | May 13, 2026 |
| CVE-2026-40629 | HIGH | 7.5 | When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. Note: Software versions … | May 13, 2026 |
| CVE-2026-40618 | HIGH | 7.5 | When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms … | May 13, 2026 |
| CVE-2026-40462 | MEDIUM | 6.5 | Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell (tmsh) undisclosed command which may allow an authenticated attacker to view sensitive information. Note: … | May 13, 2026 |
| CVE-2026-40460 | MEDIUM | 6.5 | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP … | May 13, 2026 |
| CVE-2026-40435 | MEDIUM | 5.3 | When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached … | May 13, 2026 |
| CVE-2026-40423 | HIGH | 7.5 | When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which … | May 13, 2026 |
| CVE-2026-40067 | HIGH | 7.5 | When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate. Note: Software versions which … | May 13, 2026 |
| CVE-2026-40061 | HIGH | 8.7 | When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker … | May 13, 2026 |
| CVE-2026-40060 | HIGH | 7.5 | When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: … | May 13, 2026 |
| CVE-2026-39459 | HIGH | 7.2 | A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create … | May 13, 2026 |
| CVE-2026-39458 | HIGH | 7.5 | When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to … | May 13, 2026 |
| CVE-2026-39455 | HIGH | 7.5 | When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the … | May 13, 2026 |
| CVE-2026-36742 | UNKNOWN | — | Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). | May 13, 2026 |
| CVE-2026-36741 | UNKNOWN | — | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied … | May 13, 2026 |
| CVE-2026-36738 | UNKNOWN | — | U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or … | May 13, 2026 |
| CVE-2026-35062 | MEDIUM | 6.5 | An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) … | May 13, 2026 |
| CVE-2026-34176 | HIGH | 8.7 | When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker … | May 13, 2026 |
| CVE-2026-34019 | MEDIUM | 5.3 | When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing … | May 13, 2026 |
| CVE-2026-32673 | HIGH | 8.7 | A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands … | May 13, 2026 |