K000158978: BIG-IP SSL/TLS vulnerability CVE-2026-40629

Security Advisory Description When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections. CVE-2026-40629 Impact Traffic is disrupted for new client connections. This vulnerability allows a remote, unauthenticate...

K000161027: NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability CVE-2026-42946

Security Advisory Description A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When scgipass or uwsgipass is configured, an unauthenticated attacker with man-in-the-middle MITM ability to control...

K000150508: BIG-IP BFD vulnerability CVE-2026-34019

Security Advisory Description When Bidirectional Forwarding Detection BFD is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel TMM to stop processing BFD packets and cause the configured routing protocol to fail over. CVE-2026-340...

K000160727: BIG-IP Advanced WAF and ASM vulnerability CVE-2026-40060

Security Advisory Description When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. CVE-2026-40060 Impact Traffic is disrupted while the bd process restarts. This vulnerability allows a remote,...

K000160875: BIG-IP PEM iRules vulnerability CVE-2026-41218

Security Advisory Description When BIG-IP PEM iRules are configured on a virtual server iRules using commands starting with CLASSIFICATION:: , CLASSIFY::, PEM:: , PSC:: , and the urlcatquery command, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2026-41218...

EUVD-2021-10127

Malware in sbrugna...

EUVD-2020-27025

Malware in sbrugna...

EUVD-2025-7410

Malicious code in bioql PyPI...

K000152001: HTTP/2 vulnerability CVE-2025-54500

Security Advisory Description An HTTP/2 implementation flaw allows a denial-of-service DoS that uses malformed HTTP/2 control frames to break the maximum concurrent streams limit HTTP/2 MadeYouReset Attack. CVE-2025-54500 Impact This vulnerability allows a remote, unauthenticated attacker to caus...

K000151546: BIG-IP APM vulnerability CVE-2025-46405

Security Advisory Description When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. CVE-2025-46405 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...

K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...

CVE-2020-5871

On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service DoS when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane...

BIT-NGINX-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695

NGINX Unit 1.34.2+ with the Java Language Module is affected by CVE-2025-1695. In versions prior to 1.34.2, undisclosed requests can trigger an infinite loop, increasing CPU utilization and causing a limited denial-of-service on the data plane. The issue is a data-plane degradation with no contro...

CVE-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

K000137270: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-21789

Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2024-21789 Impact System performance can degrade until the bd process is either forced to restart or is...

K000135873: BIG-IP Websockets vulnerability CVE-2024-21849

Security Advisory Description When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM process to terminate. CVE-2024-21849 Impact Traffic is disrupted while the TMM process restarts...

K000134652: BIG-IP TCP profile vulnerability CVE-2023-40542

Security Advisory Description When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. CVE-2023-40542 Impact System performance can degrade until the Traffic Management Microkernel TMM...

K05043394: TMM vulnerability CVE-2021-23036

Security Advisory Description When a BIG-IP ASM and DataSafe profile are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. CVE-2021-23036 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remot...