Vulnerabilities
Vulnerable Software
F5:  Security Vulnerabilities
When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.009
Published
2026-03-24
A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
6.9
EPSS Score
0.003
Published
2026-02-04
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.2
EPSS Score
0.003
Published
2026-02-04
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS Score
2.0
EPSS Score
0.001
Published
2026-02-04
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
2.3
EPSS Score
0.002
Published
2026-02-04
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.2
EPSS Score
0.002
Published
2026-02-04
A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.004
Published
2025-12-17
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2025-10-15
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
5.1
EPSS Score
0.002
Published
2025-10-15
When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
8.7
EPSS Score
0.003
Published
2025-10-15


Contact Us

Shodan ® - All rights reserved