Lucene search
K

1204 matches found

Fedora
Fedora
added 2026/05/15 8:58 p.m.12 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS6AI score0.61469EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2026/05/15 6:4 p.m.11 views

CVE-2026-39805

A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...

7.4CVSS5.8AI score0.00518EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29969

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.14 views

CVE-2026-40060

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40060

CVE-2026-40060 affects BIG-IP Advanced WAF/ASM when a security policy is configured on a virtual server; undisclosed requests can cause the bd process to terminate, resulting in DoS with traffic disruption as the process restarts. In F5 advisories, vulnerable branches include BIG-IP Advanced WAF/...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.30 views

CVE-2026-40060 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 p.m.11 views

CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS0.00396EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 9:40 p.m.38 views

CVE-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS0.00396EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 9:40 p.m.27 views

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

8.2CVSS5.6AI score0.00396EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/12 9:40 p.m.12 views

EUVD-2026-29854

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS5.6AI score0.00396EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/05/12 11:58 a.m.14 views

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/11 4:19 a.m.123 views

choreo-waf-poc

waf-poc — Choreo CP WAF Bake-Off OpenResty Three-way WAF ev...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/07 3:46 a.m.6 views

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

6.3CVSS5.8AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38472

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References4
NVD
NVD
added 2026/05/05 8:16 p.m.9 views

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:46 p.m.5 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

9.3CVSS6.5AI score0.00425EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/05 7:44 p.m.16 views

CVE-2026-40329

Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...

9.3CVSS6AI score0.00302EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:44 p.m.6 views

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

9.3CVSS6AI score0.00302EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/05 7:16 p.m.5 views

CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 7:16 p.m.8 views

UBUNTU-CVE-2026-30923

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

8.2CVSS5.5AI score0.00435EPSS
Exploits1References3
Rows per page
Query Builder