30 matches found
CVE-2026-55723
When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...
CVE-2026-55723 NGINX Ingress Controller vulnerability
When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated NGINX configuration without...
CVE-2026-55723
CVE-2026-55723 betreft een injection kwetsbaarheid in de configuratie generator van de NGINX Ingress Controller. Bij configuratie via CRDs of Ingress-annotaties worden meerdere door de gebruiker beheerde velden in de gegenereerde NGINX-configuratie geschreven zonder sanering. Een geautoriseerde b...
K000161834: NGINX Ingress Controller vulnerability CVE-2026-52865
Security Advisory Description When NGINX Ingress Controller processes Ingress or TransportServer resources, an authenticated, remote attacker with permission to create or modify Ingress or TransportServer resources can cause the NGINX Ingress Controller process to terminate. CVE-2026-52865 Impact...
K000161800: NGINX Ingress Controller vulnerability CVE-2026-55723
Security Advisory Description When NGINX Ingress Controller is configured with Custom Resource Definitions CRDs or Ingress annotations, an injection vulnerability exists in the configuration generator of NGINX Ingress Controller. Multiple user-controllable fields are written into the generated...
EUVD-2026-37792
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
CVE-2026-11311 NGINX Gateway Fabric vulnerability
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...
K000156734: BIG-IP Configuration utility vulnerability CVE-2026-40699
Security Advisory Description A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticated attacker to access to undisclosed sensitive information. CVE-2026-40699 Impact This vulnerability may allow a low-privileged authenticated...
K000160863: iControl REST and tmsh vulnerability CVE-2026-39459
Security Advisory Description A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. CVE-2026-39459 Impact This vulnerability may allow...
K000160972: BIG-IP and BIG-IQ privilege escalation vulnerability CVE-2026-32643
Security Advisory Description A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. CVE-2026-32643 Impact This vulnerability may allow...
K000158971: BIG-IP Appliance mode vulnerability CVE-2026-42919
Security Advisory Description A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. CVE-2026-42919 Impact The vulnerability allows the...
K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455
Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...
K000160903: iControl REST vulnerability CVE-2026-42058
Security Advisory Description An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names. CVE-2026-42058 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST...
K000160979: BIG-IP iControl SOAP vulnerability CVE-2026-40631
Security Advisory Description An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation. CVE-2026-40631 Impact This vulnerability may allow a remote, authenticated attacker with Resource...
EUVD-2020-27038
Malware in sbrugna...
EUVD-2020-27040
Malware in sbrugna...
EUVD-2020-27039
Malware in sbrugna...
EUVD-2019-16198
Malware in sbrugna...
CVE-2020-5884
On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability HA pair mirroring is insecure. This is a control plane issue that is exposed only on the network used for mirroring...
CVE-2019-6639
On BIG-IP AFM, PEM 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.1-11.5.8, an undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting XSS issue. This is a control plane issue only and is not...