6294 matches found

F5 Networks
•added 2026/03/24 1:32 p.m.•6 views

K000160368: NGINX ngx_stream_ssl_module vulnerability CVE-2026-28755

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP...

CVSS 5.4 • AI score 5.8 • EPSS 0.00128
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/24 1:31 p.m.•8 views

K000160383: NGINX ngx_mail_auth_http_module vulnerability CVE-2026-27651

Security Advisory Description When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by...

CVSS 8.7 • AI score 5.8 • EPSS 0.00481
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/24 1:25 p.m.•7 views

K000160382: NGINX ngx_http_dav_module vulnerability CVE-2026-27654

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of...

CVSS 8.8 • AI score 6.1 • EPSS 0.0047
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/24 1:15 p.m.•8 views

K000160367: NGINX ngx_mail_smtp_module vulnerability CVE-2026-28753

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to...

CVSS 6.3 • AI score 5.8 • EPSS 0.0025
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/24 1:10 p.m.•10 views

K000160366: NGINX ngx_http_mp4_module vulnerability CVE-2026-32647

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially craft...

CVSS 8.5 • AI score 6.1 • EPSS 0.00333
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/24 1:05 p.m.•3 views

K000160364: NGINX ngx_http_mp4_module vulnerability CVE-2026-27784

Security Advisory Description The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects...

CVSS 8.5 • AI score 5.8 • EPSS 0.00285
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2026/03/23 10:46 p.m.•5 views

K000160435: FasterXML jackson-databind vulnerability CVE-2018-14721

Security Advisory Description FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization. CVE-2018-14721 Impact There is no impact; F5 products a...

CVSS 10 • AI score 5.8 • EPSS 0.10458
Exploits: 0
F5 Networks
•added 2026/03/23 12:47 a.m.•8 views

K000160420: Linux kernel vulnerabilities CVE-2025-40154

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to...

AI score 5.5 • EPSS 0.00171
Exploits: 0
F5 Networks
•added 2026/03/19 3:56 a.m.•5 views

K000160399: Node.js vulnerability CVE-2025-59464

Security Advisory Description A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger...

CVSS 7.5 • AI score 6.8 • EPSS 0.0023
Exploits: 0
F5 Networks
•added 2026/03/13 4:52 a.m.•9 views

K000160337: Apache Tomcat vulnerabilities CVE-2026-24733, CVE-2026-24734 and CVE-2025-66614

Security Advisory Description CVE-2026-24733 Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on...

CVSS 9.1 • AI score 7.5 • EPSS 0.0053
Exploits: 0
F5 Networks
•added 2026/03/12 11:24 p.m.•6 views

K000160327: Protect your network from geopolitical uncertainty with F5

Security Advisory Description While there are many cyber-threats creating a constant need for cybersecurity efforts, history teaches us that geopolitical conflicts often generate increased cyber activity. In recent years the world has seen conflicts in Ukraine, Yemen, Iran, and elsewhere generate...

AI score 5.7
Exploits: 0
F5 Networks
•added 2026/03/11 4:09 p.m.•6 views

K000160295: Intel CPU vulnerability CVE-2025-20109

Security Advisory Description Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-20109 Impact This vulnerability may allow an authenticated use...

CVSS 7.8 • AI score 7.1 • EPSS 0.00129
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/03/10 9:48 p.m.•7 views

K000160292: Curl vulnerability CVE-2025-14524

Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...

CVSS 5.3 • AI score 5.8 • EPSS 0.00611
Exploits: 1
F5 Networks
•added 2026/03/10 9:18 p.m.•8 views

K000160291: PostgreSQL vulnerability CVE-2025-12818

Security Advisory Description Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the...

CVSS 5.9 • AI score 5.8 • EPSS 0.00301
Exploits: 0
F5 Networks
•added 2026/03/10 9:15 p.m.•8 views

K000160290: PostgreSQL vulnerability CVE-2025-12817

Security Advisory Description Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, woul...

CVSS 3.1 • AI score 5.8 • EPSS 0.00197
Exploits: 0
F5 Networks
•added 2026/03/09 4:47 p.m.•10 views

K000160226: Intel 800 Series Ethernet vulnerability CVE-2025-24325

Security Advisory Description Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-24325 Impact This flaw allows an authenticated...

CVSS 9.3 • AI score 5.8 • EPSS 0.00131
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2026/03/09 12:37 a.m.•8 views

K000160272: Apache Solr vulnerability CVE-2026-22444

Security Advisory Description The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting...

CVSS 7.1 • AI score 5.8 • EPSS 0.00654
Exploits: 1
F5 Networks
•added 2026/03/04 7:31 a.m.•9 views

K000160227: Linux kernel vulnerability CVE-2025-37849

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data...

CVSS 7.8 • AI score 5.8 • EPSS 0.00234
Exploits: 0
F5 Networks
•added 2026/03/04 6:16 a.m.•10 views

K000160225: Intel 800 Ethernet vulnerability CVE-2025-23241

Security Advisory Description Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-23241 Impact There is no impact; F5 products ar...

CVSS 8.4 • AI score 6 • EPSS 0.00126
Exploits: 0
F5 Networks
•added 2026/03/04 5:58 a.m.•10 views

K000160224: Intel 800 Series Ethernet vulnerability CVE-2025-24484

Security Advisory Description Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-24484 Impact There is no impact; F5 products a...

CVSS 8.8 • AI score 5.9 • EPSS 0.00128
Exploits: 0
F5 Networks
•added 2026/03/04 5:53 a.m.•11 views

K000160223: Spring cloud gateway vulnerability CVE-2025-41243

Security Advisory Description Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server...

CVSS 10 • AI score 5.9 • EPSS 0.03311
Exploits: 0
F5 Networks
•added 2026/03/04 12:34 a.m.•8 views

K000160222: Linux kernel vulnerability CVE-2022-50356

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is invoked to clear resources...

CVSS 5.5 • AI score 6.3 • EPSS 0.00191
Exploits: 0
F5 Networks
•added 2026/03/04 12:22 a.m.•12 views

K000160221: Linux kernel vulnerability CVE-2025-38550

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. CVE-2025-38550 Impact There...

CVSS 7.8 • AI score 6.6 • EPSS 0.00144
Exploits: 0
F5 Networks
•added 2026/03/03 4:24 p.m.•10 views

K000160213: LZ4 vulnerability CVE-2025-12183

Security Advisory Description Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. CVE-2025-12183 Impact There is no impact; F5 products are not affected by this...

CVSS 8.8 • AI score 6 • EPSS 0.0068
Exploits: 0
F5 Networks
•added 2026/03/03 4:20 p.m.•8 views

K000160212: Binutils vulnerability CVE-2025-66865

Security Advisory Description An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66865 Impact There is no impact; F5 products are not affected by this vulnerability. Security Adviso...

CVSS 7.5 • AI score 5.9 • EPSS 0.00323
Exploits: 1
F5 Networks
•added 2026/03/02 12:05 a.m.•11 views

K000160192: Log4j vulnerability CVE-2025-68161

Security Advisory Description The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network...

CVSS 6.3 • AI score 6.4 • EPSS 0.00743
Exploits: 1
F5 Networks
•added 2026/02/27 6:19 a.m.•8 views

K000160173: libpng vulnerability CVE-2025-66293

Security Advisory Description LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the...

CVSS 7.1 • AI score 6.3 • EPSS 0.00294
Exploits: 2
F5 Networks
•added 2026/02/27 1:10 a.m.•8 views

K000160172: PostgreSQL vulnerability CVE-2025-8714

Security Advisory Description Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also...

CVSS 8.8 • AI score 6.1 • EPSS 0.00709
Exploits: 1
F5 Networks
•added 2026/02/25 5:19 a.m.•8 views

K000160142: PostgreSQL vulnerability CVE-2021-20229

Security Advisory Description A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. CVE-2021-20229 Impact...

CVSS 4.3 • AI score 5.6 • EPSS 0.01466
Exploits: 0
F5 Networks
•added 2026/02/24 7:47 p.m.•7 views

K000160136: Binutils vulnerability CVE-2025-66863

Security Advisory Description An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66863 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

CVSS 7.5 • AI score 5.5 • EPSS 0.00323
Exploits: 1
F5 Networks
•added 2026/02/24 3:18 p.m.•9 views

K000160130: Linux kernel vulnerability CVE-2022-50356

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is invoked to clear resources...

CVSS 5.5 • AI score 6.6 • EPSS 0.00191
Exploits: 0
F5 Networks
•added 2026/02/20 4:23 p.m.•14 views

K000160103: PostgreSQL vulnerability CVE-2022-2625

Security Advisory Description A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait...

CVSS 8 • AI score 5.9 • EPSS 0.0152
Exploits: 0
F5 Networks
•added 2026/02/20 5:15 a.m.•10 views

K000160096: Intel QuickAssist Technology vulnerability CVE-2025-35998

Security Advisory Description Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity...

CVSS 7.9 • AI score 5.5 • EPSS 0.00145
Exploits: 0
F5 Networks
•added 2026/02/19 7:17 p.m.•10 views

K000160086: Linux kernel vulnerability CVE-2024-58240

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us...

CVSS 7.8 • AI score 6.5 • EPSS 0.00144
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2026/02/19 6:46 p.m.•11 views

K000160084: Linux kernel vulnerability CVE-2025-39971

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). CVE-2025-39971 Impact When this vulnerability...

AI score 5.8 • EPSS 0.00193
Exploits: 0 • Affected Software: 1
F5 Networks
•added 2026/02/19 3:55 p.m.•11 views

K000160079: Linux kernel vulnerability CVE-2025-22026

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries ...

CVSS 5.5 • AI score 5.7 • EPSS 0.00168
Exploits: 0
F5 Networks
•added 2026/02/19 3:48 a.m.•11 views

K000160078: Linux kernel vulnerability CVE-2025-37797

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use conditi...

CVSS 7.8 • AI score 5.2 • EPSS 0.00167
Exploits: 0
F5 Networks
•added 2026/02/19 3:43 a.m.•9 views

K000160077: Zlib vulnerability CVE-2026-22184

Security Advisory Description zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs wh...

CVSS 7.8 • AI score 5.8 • EPSS 0.0021
Exploits: 0
F5 Networks
•added 2026/02/19 3:39 a.m.•8 views

K000160076: Linux kernel vulnerability CVE-2025-40047

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in...

AI score 5.1 • EPSS 0.00176
Exploits: 0
F5 Networks
•added 2026/02/18 2:50 p.m.•13 views

K000160003: BIG-IP TMM vulnerability CVE-2026-2507

Security Advisory Description When BIG-IP AFM or BIG-IP DDoS Hybrid Defender is provisioned, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2026-2507 Impact Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote,...

CVSS 8.7 • AI score 6 • EPSS 0.00285
Exploits: 0 • Affected Software: 2
F5 Networks
•added 2026/02/16 12:23 a.m.•12 views

K000160014: Apache Struts vulnerability CVE-2025-68493

Security Advisory Description Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. CVE-2025-68493 Impact...

CVSS 8.1 • AI score 5.5 • EPSS 0.22475
Exploits: 1
F5 Networks
•added 2026/02/11 3:28 p.m.•9 views

K000159974: OpenSSL vulnerability CVE-2025-15469

Security Advisory Description Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such ...

CVSS 5.5 • AI score 5.5 • EPSS 0.00176
Exploits: 1
F5 Networks
•added 2026/02/10 3:11 p.m.•16 views

K000159956: Oracle Java SE vulnerability CVE-2018-2603

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability...

CVSS 5.3 • AI score 5.5 • EPSS 0.0695
Exploits: 0
F5 Networks
•added 2026/02/09 4:53 a.m.•9 views

K000159927: Podman vulnerabilities CVE-2022-1227 and CVE-2022-27649

Security Advisory Description CVE-2022-1227 A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top'...

CVSS 8.8 • AI score 7.1 • EPSS 0.03974
Exploits: 2
F5 Networks
•added 2026/02/09 12:59 a.m.•11 views

K000159924: OpenSSL vulnerability CVE-2025-15468

Security Advisory Description Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running...

CVSS 5.9 • AI score 5.3 • EPSS 0.00748
Exploits: 1
F5 Networks
•added 2026/02/06 8:05 p.m.•9 views

K000159887: OpenSSL vulnerability CVE-2025-9230

Security Advisory Description Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The...

CVSS 7.5 • AI score 5.6 • EPSS 0.0177
Exploits: 0 • Affected Software: 3
F5 Networks
•added 2026/02/06 5:29 p.m.•8 views

K000159900: Golang vulnerability CVE-2025-58187

Security Advisory Description Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. CVE-2025-58187 Impact When this...

CVSS 7.5 • AI score 5.6 • EPSS 0.00366
Exploits: 0 • Affected Software: 3
F5 Networks
•added 2026/02/06 8:08 a.m.•8 views

K000159916: MySQL vulnerability CVE-2026-21936

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

CVSS 4.9 • AI score 4.9 • EPSS 0.00337
Exploits: 0
F5 Networks
•added 2026/02/06 7:05 a.m.•9 views

K000159914: Libsoup vulnerability CVE-2026-1761

Security Advisory Description A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which...

CVSS 8.6 • AI score 6.7 • EPSS 0.00947
Exploits: 0
F5 Networks
•added 2026/02/05 10:02 p.m.•20 views

K000159893: Python vulnerability CVE-2021-3737

Security Advisory Description A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerabili...

CVSS 7.5 • AI score 6.9 • EPSS 0.11586
Exploits: 1 • Affected Software: 2
Total number of security vulnerabilities: 6294