1050 matches found

Imperva Blog
added 2 days ago, 3 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am, an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4 AI score
Exploits: 0
Cvelist
added last week, 31 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a config_file_name form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9 CVSS, 0.00372 EPSS
Exploits: 0, References: 1
CVE
added last week, 9 views

CVE-2026-45552

CVE-2026-45552 affects Roxy-WI web interface (versions up to 8.2.6.4). The install blueprint allows bp.before_request → @jwt_required(), but several endpoints under /install/* (install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, get_task_status) lack admin/ownership c...

9.9 CVSS, 5.5 AI score, 0.00267 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/06/10 12:0 a.m., 5 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required (app/routes/install/routes.py:36-39). The individual endpoints install_exporter, install_waf, install_geoip,...

9.9 CVSS, 5.5 AI score, 0.00267 EPSS
Exploits: 0, References: 2
GithubExploit
added 2026/06/09 3:41 a.m., 40 views

secure-banking-app

secure-banking-app...

5.6 AI score
Exploits: 0
Packet Storm News
added 2026/06/08 12:0 a.m., 3 views

Exploiting Logic Asymmetry in Modern Web Application Firewalls

This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate (40/40 test cases), confirming the critical severity of this...

5.5 AI score
Exploits: 0
RedhatCVE
added 2026/06/04 11:57 a.m., 9 views

CVE-2026-30923

A flaw was found in libModSecurity3, a component of the ModSecurity web application firewall (WAF). An attacker can exploit a segmentation fault by sending a specially crafted query string parameter containing a single character, which is then processed by a rule using the t:hexDecode transformatio...

8.2 CVSS, 5.7 AI score, 0.00435 EPSS
Exploits: 0, References: 5
GithubExploit
added 2026/06/01 9:25 a.m., 65 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6 AI score
Exploits: 0
Fedora
added 2026/06/01 1:1 a.m., 14 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

9.2 CVSS, 5.8 AI score, 0.00913 EPSS
Exploits: 3
Akamai Blog
added 2026/05/28 12:0 p.m., 8 views

Consistent Protections Without Compromise: Akamai’s WAF Is Now on AWS Marketplace

...

5.8 AI score
Exploits: 0
Fedora
added 2026/05/28 1:13 a.m., 10 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-18.fc44

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

9.2 CVSS, 5.8 AI score, 0.00913 EPSS
Exploits: 3
SUSE CVE
added 2026/05/26 1:52 a.m., 16 views

SUSE CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::out_of_range caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

7.5 CVSS, 5.6 AI score, 0.00396 EPSS
Exploits: 1, References: 3
GithubExploit
added 2026/05/24 10:27 a.m., 67 views

FortressWAF

FortressWAF — Web Application Firewall...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/05/19 1:53 p.m., 52 views

py-waf

py-waf Python rever...

5.8 AI score
Exploits: 0
GithubExploit
added 2026/05/17 7:2 p.m., 52 views

waf-demo

No d...

5.8 AI score
Exploits: 0
GithubExploit
added 2026/05/17 4:8 a.m., 55 views

Advance_WAF_project_CS

WAFinity - Infinite Protection, Intelligent Detection WAFin...

5.9 AI score
Exploits: 0
Fedora
added 2026/05/15 9:9 p.m., 7 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

9.2 CVSS, 6 AI score, 0.14453 EPSS
Exploits: 38
Fedora
added 2026/05/15 8:58 p.m., 8 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44

naxsi is an nginx module that provides score-based Web Application Firewall (WAF) abilities in a highly granular fashion...

9.2 CVSS, 6 AI score, 0.14453 EPSS
Exploits: 38
RedhatCVE
added 2026/05/15 6:4 p.m., 5 views

CVE-2026-39805

A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...

7.4 CVSS, 5.8 AI score, 0.00518 EPSS
Exploits: 0, References: 7
EUVD
added 2026/05/13 6:30 p.m., 8 views

EUVD-2026-29969

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.7 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits: 0, References: 2