Vendor

F5

4 briefs RSS

Nginx Vulnerability Leading to Remote Code Execution and Denial of Service

A vulnerability in Nginx allows a remote attacker to execute arbitrary code and cause a denial-of-service condition, affecting Nginx Open Source versions 1.x before 1.30.2, versions after 1.31.0 before 1.31.1, Nginx Plus versions 37.x before 37.0.1.1, and versions Rx before R36 P5 or R32 P7.

NGINX Open Source +1 nginx rce dos CVE-2026-9256 webserver

2r 2t 3w ago

high threat

Multiple Vulnerabilities in F5 BIG-IP Products

3 rules 5 TTPs

Multiple vulnerabilities in F5 BIG-IP products could allow an attacker to execute arbitrary code, gain elevated privileges, bypass security measures, manipulate or disclose data, or cause a denial-of-service condition.

BIG-IP f5 vulnerability privilege-escalation execution defense-evasion impact discovery credential-access

3r 5t May 15, 2026

high advisory

CVE-2026-40061: BIG-IP DNS iControl REST/TMSH Command Injection Vulnerability

2 rules 2 TTPs 1 CVE

CVE-2026-40061 is a vulnerability in F5 BIG-IP DNS that allows an authenticated attacker with Resource Administrator or Administrator privileges to execute arbitrary system commands with elevated privileges via undisclosed iControl REST and TMOS Shell (tmsh) commands, potentially crossing security boundaries in Appliance mode deployments.

BIG-IP DNS privilege-escalation execution cve

2r 2t 1c May 13, 2026

high advisory

CVE-2026-32643: F5 BIG-IP and BIG-IQ Authenticated Command Execution

2 rules 1 TTP 1 CVE

CVE-2026-32643 describes a vulnerability in F5 BIG-IP and BIG-IQ systems that allows a highly privileged, authenticated attacker with the Certificate Manager role to modify configuration objects, leading to arbitrary command execution.

BIG-IP +1 cve command execution privilege escalation f5

2r 1t 1c May 13, 2026