72 matches found
CVE-2026-4772 Stored XSS in TR7's WAF-ASP
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...
EUVD-2026-41369
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...
CVE-2026-13762
CVE-2026-13762 involves an vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...
Turning Millions of Risks Into One Actionable List
Every security leader walks into Monday morning with the same question. The findings are there. The dashboards are running. But out of the thousands of critical vulnerabilities on that list, which ones can an attacker actually use against this organization today? Not in theory. Not in a lab. In...
HOV4X
HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...
[SECURITY] Fedora 42 Update: nginx-mod-naxsi-1.6-17.fc42
naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...
Adversarial SQL Injection Generation with LLM-Based Architectures
SQL injection SQLi attacks are still one of the serious attacks ranked in the Open Worldwide Application Security Project OWASP Top 10 threats. Today, with advances in Artificial Intelligence AI, especially in Large Language Models LLMs, an opportunity has been created for automating adversarial...
CVE-Intelligence
VulnForge Local-only, single-user CVE alert & patch-priority...
CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...
ai-pentest-agent
🔐 AI Pentest Agent v4 Automated web application penetration...
Fortinet FortiWeb 输入验证错误漏洞
Fortinet FortiWeb is a Web application layer firewall developed by the American company Fortinet. It can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, ensuring the security of web applications and protecting sensitive database content. FortiWeb...
CVE-2026-33691
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time reverse‑engineering traffic and guessing how things worked. That “security b...
CVE-2026-27633
CVE-2026-27633 affects TinyWeb on Windows (Delphi; pre-2.02). Unauthenticated remote attackers can trigger a DoS by sending an HTTP POST with an extremely large Content-Length; TinyWeb allocates memory for the request body streaming it without a cap, exhausting all available memory and crashing. ...
CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
CVE-2026-2122
CVE-2026-2122 affects Xiaopi Panel (WAF Firewall) and its /demo.php file. The vulnerability involves manipulation of the ID argument, leading to SQL injection. Descriptions across sources indicate the flaw can be exploited remotely and that the exploit has been released publicly. Red Hat and othe...
OESA-2026-1103 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...
CVE-2021-28130
Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary e.g., frwlsvc.exe bypasses firewall filters...
SqlScanner
SqlScanner SQL Injection Scanner deve...
Exploit for Deserialization of Untrusted Data in Facebook React
⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...