Lucene search
+L

1213 matches found

NVD
NVD
added 2026/06/29 8:17 p.m.10 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

9.8CVSS0.00438EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:3 p.m.7 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 8:3 p.m.28 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-383 Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.4CVSS7AI score0.00648EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.19 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.7 views

PT-2026-53691

Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References8
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-19.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS7AI score0.03552EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-19.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS7AI score0.03552EPSS
Exploits4
Imperva Blog
Imperva Blog
added 2026/06/22 11:39 a.m.47 views

On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice

Let’s Talk About Where Your APIs Actually Run Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud—the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...

6.2AI score
Exploits0
Snyk
Snyk
added 2026/06/18 1:52 p.m.5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the JWT validation process. An attacker can gain unauthorized access by presenting a validly signed token from a trusted issuer, originally intended for a different service, to the authentication system. This ...

4.2CVSS6AI score0.00112EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.10 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
Cvelist
Cvelist
added 2026/06/10 2:0 p.m.43 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 1:59 p.m.29 views

CVE-2026-45552

CVE-2026-45552 affects Roxy-WI web interface (versions up to 8.2.6.4). The install blueprint allows bp.before_request → @jwt_required(), but several endpoints under /install/* (install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, get_task_status) lack admin/ownership c...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/09 3:41 a.m.78 views

secure-banking-app

secure-banking-app...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.11 views

Exploiting Logic Asymmetry in Modern Web Application Firewalls

This research whitepaper demonstrates that even the most modern WAFs remain vulnerable to attacks exploiting logic asymmetry in HTTP protocol processing. Real-world testing on a Weaver Ecology OA system achieved a 100% bypass rate 40/40 test cases, confirming the critical severity of this...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/04 11:57 a.m.20 views

CVE-2026-30923

A flaw was found in libModSecurity3, a component of the ModSecurity web application firewall WAF. An attacker can exploit a segmentation fault by sending a specially crafted query string parameter containing a single character, which is then processed by a rule using the t:hexDecode transformatio...

8.2CVSS5.7AI score0.00435EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/06/01 9:25 a.m.113 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6AI score
Exploits0
Fedora
Fedora
added 2026/06/01 1:1 a.m.21 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-18.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
Akamai Blog
Akamai Blog
added 2026/05/28 12:0 p.m.13 views

Consistent Protections Without Compromise: Akamai’s WAF Is Now on AWS Marketplace

...

5.8AI score
Exploits0
Rows per page
Query Builder