EUVD-2026-29973

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40435

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40423

When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-41959

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

CVE-2026-32673

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a...

CVE-2026-35062

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2026-40650

Name of the Vulnerable Software and Affected Versions BIG-IP Virtual Edition VE affected versions not specified BIG-IP hardware platforms affected versions not specified Description Undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate when an SSL profile is configured...

PT-2026-40647

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...

PT-2026-40670

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description When BIG-IP DNS is provisioned, a flaw in an undisclosed TMOS Shell tmsh command may allow a highly privileged authenticated attacker to view sensitive...

CVE-2026-6652

A weakness has been identified in Pagekit CMS up to 1.0.18. This issue affects the function evaluate of the file app/modules/view/src/PhpEngine.php of the component StringStorage Template Handler. This manipulation causes improper neutralization of directives in dynamically evaluated code. Remote...

Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...

devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed

Under certain circumstances, unevaling untrusted data can produce output code that will create objects with polluted prototypes when later evaled, meaning the output data can be a different shape from the input data...

CVE-2026-22549

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

DEBIAN-CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

Whisper Leak: A Side-Channel Attack on Large Language Models

Large Language Models LLMs are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by...

CVE-2025-58071

When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-58153

Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge HSB may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59478

When a BIG-IP AFM denial-of-service DoS protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59781

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...