CVE-2026-41219
- EPSS 0.28%
- Veröffentlicht 13.05.2026 14:12:28
- Zuletzt bearbeitet 24.06.2026 14:51:37
An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file. Note: Software versions which have reached End of Technical Support (EoTS) are not ...
CVE-2026-40435
- EPSS 0.23%
- Veröffentlicht 13.05.2026 14:12:27
- Zuletzt bearbeitet 29.06.2026 14:16:31
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-41954
- EPSS 0.29%
- Veröffentlicht 13.05.2026 14:12:27
- Zuletzt bearbeitet 24.06.2026 14:52:09
Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: ...
CVE-2026-40703
- EPSS 0.1%
- Veröffentlicht 13.05.2026 14:12:26
- Zuletzt bearbeitet 24.06.2026 14:51:25
A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-20732
- EPSS 0.15%
- Veröffentlicht 04.02.2026 15:02:05
- Zuletzt bearbeitet 13.02.2026 21:44:33
A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-20730
- EPSS 0.1%
- Veröffentlicht 04.02.2026 15:02:04
- Zuletzt bearbeitet 13.02.2026 21:36:18
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2025-61990
- EPSS 0.32%
- Veröffentlicht 15.10.2025 15:19:52
- Zuletzt bearbeitet 21.10.2025 12:12:24
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-61933
- EPSS 0.18%
- Veröffentlicht 15.10.2025 15:19:49
- Zuletzt bearbeitet 21.10.2025 12:12:54
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user. Note: Software versions which have reached End of Technical Su...
CVE-2025-58071
- EPSS 0.34%
- Veröffentlicht 15.10.2025 15:19:46
- Zuletzt bearbeitet 21.10.2025 19:17:54
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-54755
- EPSS 1.09%
- Veröffentlicht 15.10.2025 13:55:55
- Zuletzt bearbeitet 27.01.2026 13:30:32
A directory traversal vulnerability exists in TMUI that allows a highly privileged authenticated attacker to access files which are not limited to the intended files. Note: Software versions which have reached End of Technical Support (EoTS) are not...