F5 News Articles

Recent news articles referencing the vendor's vulnerabilities.

Resolving a Mutual TLS session resumption vulnerability

Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different zones improperly. Cloudflare mitigated the issue in 32 hours by disabling session resumption for mTLS...

2 weeks ago

feedgrid.io

New CVE-2024-32760 in nginx 1 day, 23 hours ago Internet Bug Bounty disclosed a bug submitted by noentry:...

CVE-2024-32760 Description, Impact and Technical Details

This vulnerability, identified as CVE-2024-32760, affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential…

Nginx - [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,...

Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session...

New F5 Next-Gen Manager Flaw Let Attackers Take Full Admin Control

F5 Big IP has been discovered with two critical vulnerabilities that could potentially allow a threat actor to take full administrative

CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities

Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.

CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime

Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.

F5 Patches Remote Code Execution Bug in BIG-IP

The critical-severity, unauthenticated remote code execution flaw exists in several versions of the F5 BIG-IP security appliances.

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

China-linked threat group aggressively exploits software flaws in Connectwise ScreenConnect & F5 BIG-IP.

Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in...

NGINX Releases Urgent Patch for HTTP/3 Vulnerabilities (CVE-2024-24989, CVE-2024-24990)

NGINX has released an urgent patch to address 2 flaws (CVE-2024-24989, CVE-2024-24990) lurking within its experimental HTTP/3 implementation

F5 fixes critical BIG-IP vulnerability, PoC is public (CVE-2023-46747) - Help Net Security

F5 has released hotfixes for a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated RCE.

F5 BIG-IP vulnerabilities leveraged by attackers: What to do? - Help Net Security

The BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 has recently released hotfixes for are being exploited by attackers.

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog.

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747/8

Experts warn that threat actors started exploiting the flaw CVE-2023-46747 in F5 BIG-IP installs less than 5 days after PoC disclosure

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

F5 warns of active exploitation of a critical flaw (CVE-2023-46747) in BIG-IP, enabling attackers to execute system commands.

F5 fixes Critical RCE in BIG-IP - CVE-2023-46747

F5 has warned its customers about a critical security vulnerability that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability, tracked as CVE-2023-46747 with a CVSS score of 9.8 and deemed critical, resides in the configuration utility component. As per the ...

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution

F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.