F5

vulnerabilities 2026-05-15
NGINX Rift: 18-Year-Old Rewrite Module Heap Overflow Hits Unauthenticated RCE With Public PoC
CVE-2026-42945 is a CVSS 9.2 heap buffer overflow in ngx_http_rewrite_module that has lived in NGINX since 2008. A working unauthenticated RCE PoC is public; reachability hinges on a specific rewrite-directive pattern most prod configs actually contain.
nginx cve-2026-42945 rce heap-overflow web-server f5 rewrite-module poc
2026-04-05
Severity Drift: Why Your Vulnerability Triage Process Is Working With Bad Data
From silent reclassifications to incomplete patches to NVD enrichment backlogs, the severity data your vuln management program depends on is wrong more often than you think. Here's the proof — and what to do about it.
vulnerability-management cvss epss cisa-kev nvd risk-prioritization f5 cisco langflow opinion
vulnerabilities 2026-04-01 Critical
F5 BIG-IP APM Flaw Silently Upgraded from DoS to RCE — Now Actively Exploited
A five-month-old F5 BIG-IP APM bug just got reclassified from denial-of-service to pre-auth RCE. Attackers didn't wait for the memo.
f5 big-ip rce cisa-kev network-appliance cve-2025-53521

NGINX Rift: 18-Year-Old Rewrite Module Heap Overflow Hits Unauthenticated RCE With Public PoC