CVE-2026-13762
CVE-2026-13762 involves a vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...
Turning Millions of Risks Into One Actionable List
Every security leader walks into Monday morning with the same question. The findings are there. The dashboards are running. But out of the thousands of critical vulnerabilities on that list, which ones can an attacker actually use against this organization today? Not in theory. Not in a lab. In...
HOV4X
HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...
API Security for AI Agents: Why Protection Has Never Been More Important.
For years, a lot of risky APIs survived simply because they were hard to find. They weren’t documented. Only a handful of engineers knew the endpoints. And if an attacker wanted to abuse them, they had to spend real time reverse‑engineering traffic and guessing how things worked. That “security b...
Exploit for Deserialization of Untrusted Data in Facebook React
⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...
nodejs: HTTP Request Smuggling via Content Length Obfuscation
An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request...
python-aiohttp: HTTP request smuggling via llhttp HTTP request parser
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...
SUSE CVE-2023-38199
coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the...
Fortinet FortiADC Security Vulnerability
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A security vulnerability exists in Fortinet FortiADC versions 5.0, 6.0.0, 6.1.0, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. An attacker could exploit the vulnerability to perform SQL injection and cross-site scripting...