Lucene search
K

14758 matches found

GithubExploit
GithubExploit
added 2026/05/17 4:46 a.m.80 views

Vapt-web-application-lab

No d...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/17 4:8 a.m.83 views

Advance_WAF_project_CS

WAFinity - Infinite Protection, Intelligent Detection WAFin...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/16 10:32 p.m.96 views

bug-bounty-reports

Bug Bounty Reports — Josef Basner Sanitized, redacted, resp...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/15 9:9 p.m.13 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-17.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS6AI score0.61469EPSS
Exploits41
Fedora
Fedora
added 2026/05/15 8:58 p.m.12 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-17.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS6AI score0.61469EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2026/05/15 6:4 p.m.11 views

CVE-2026-39805

A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...

7.4CVSS5.8AI score0.00518EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40957

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3CVSS5.8AI score0.00106EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.30 views

Wapiti Web Application Vulnerability Scanner 3.3.0

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29969

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-40060

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 2:12 p.m.19 views

CVE-2026-40060

CVE-2026-40060 affects BIG-IP Advanced WAF/ASM when a security policy is configured on a virtual server; undisclosed requests can cause the bd process to terminate, resulting in DoS with traffic disruption as the process restarts. In F5 advisories, vulnerable branches include BIG-IP Advanced WAF/...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.29 views

CVE-2026-40060 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00324EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 p.m.79 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

8.1CVSS0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 p.m.11 views

CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS0.00396EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 9:40 p.m.38 views

CVE-2026-42268 ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS0.00396EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 9:40 p.m.26 views

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

8.2CVSS5.6AI score0.00396EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/12 9:40 p.m.12 views

EUVD-2026-29854

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

8.2CVSS5.6AI score0.00396EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/05/12 11:58 a.m.13 views

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, 9.0.0.M1 to 9.0.117, and...

9.8CVSS5.8AI score0.01339EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/11 4:19 a.m.119 views

choreo-waf-poc

waf-poc — Choreo CP WAF Bake-Off OpenResty Three-way WAF ev...

5.8AI score
Exploits0
Rows per page
Query Builder