F5 Patches Over 50 Vulnerabilities
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX.
F5 on Wednesday announced fixes for over 19 high-severity and 32 medium-severity vulnerabilities impacting BIG-IP, BIG-IQ, and NGINX.
Based on the CVSS score, the most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX’s ngx_http_rewrite_module.
The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker’s control, could trigger a heap buffer overflow and a restart. If Address Space Layout Randomization (ASLR) is disabled, the flaw can be exploited for code execution.
Source: https://www.securityweek.com/f5-patches-over-50-vulnerabilities/
Related breach coverage
- High-Severity Vulnerability Patched in VMware Fusion (2026-05-14)
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week.
- Foxconn Confirms North American Factories Hit by Cyberattack (2026-05-13)
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents.
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code (2026-05-13)
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises (2026-05-13)
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”.
