
F5, Inc.

F5, Inc. is an American technology company specializing in application security, multi-cloud management, online fraud prevention, application delivery networking (ADN), application availability and performance, and network security, access, and authorization.

Founded: 1996
Products: 35
CVEs: 761
Across products: 917
Status: Private


Recent CVEs

  • CVE-2025-53521 | Critical | KEV | Oct 15, 2025
    risk 0.76 | cvss 9.8 | epss 0.02

    When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2018-5506 | Critical | Apr 13, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for…

  • CVE-2017-6165 | Critical | Oct 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration…

  • CVE-2017-6131 | Critical | May 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user…

  • CVE-2017-0305 | Critical | Apr 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the…

  • CVE-2016-5745 | Critical | Oct 5, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system…

  • CVE-2016-5700 | Critical | Oct 3, 2016
    risk 0.64 | cvss 9.8 | epss 0.06

    Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers…

  • CVE-2016-5022 | Critical | Sep 7, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before…

  • CVE-2015-8611 | Critical | Jan 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access…

  • CVE-2015-8098 | Critical | Jan 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server…

  • CVE-2016-9244 | High | Feb 9, 2017
    risk 0.58 | cvss 7.5 | epss 0.74

    A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other…

  • CVE-2026-42930 | High | May 13, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-42406 | High | May 13, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of…

  • CVE-2026-41957 | High | May 13, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

  • CVE-2026-41953 | High | May 13, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support…

  • CVE-2026-40698 | High | May 13, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl REST or the TMOS shell (tmsh) resulting in privilege escalation. Note:…

  • CVE-2026-32643 | High | May 13, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical…

  • CVE-2016-9251 | High | May 9, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.

  • CVE-2016-5020 | High | Jun 30, 2016
    risk 0.57 | cvss 8.8 | epss 0.03

    F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

  • CVE-2026-9256 | High | May 22, 2026
    risk 0.53 | cvss 8.1 | epss 0.03

    NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a…