Lucene search
K

18 matches found

GithubExploit
GithubExploit
added 2026/04/28 9:7 a.m.115 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...

10CVSS8AI score0.99999EPSS
Exploits354
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.6 views

CVE-2023-40586

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

7.5CVSS6.8AI score0.00605EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-7160

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1768

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00605EPSS
Exploits0References10
OSV
OSV
added 2025/03/25 7:38 p.m.6 views

GO-2025-3537 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME` in github.com/corazawaf/coraza

OWASP Coraza WAF has parser confusion which leads to wrong URI in REQUESTFILENAME in github.com/corazawaf/coraza...

5.4CVSS5.4AI score0.00294EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/22 6:8 p.m.25 views

CVE-2025-29914

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS6.6AI score0.00294EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/03/20 6:48 p.m.17 views

OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...

5.4CVSS6.9AI score0.00294EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2025/03/20 6:48 p.m.7 views

GHSA-Q9F5-625G-XM39 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

Summary URLs starting with // are not parsed properly, and the request REQUESTFILENAME variable contains a wrong value, leading to potential rules bypass. Details If a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI...

5.4CVSS7.1AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2025/03/20 6:15 p.m.11 views

CVE-2025-29914

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 5:44 p.m.19 views

CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS5.3AI score0.00294EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 5:44 p.m.169 views

CVE-2025-29914

OWASP Coraza WAF (Go library, modsecurity-compatible) is affected by a parser confusion that yields a wrong REQUEST_FILENAME when the URI starts with //, enabling a potential rules bypass. The issue stems from how the parser maps // URIs to filesystem paths and is fixed in Coraza 3.3.3. Connected...

5.4CVSS5.4AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 5:44 p.m.8 views

CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS5.2AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/20 5:44 p.m.20 views

CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on an URI starting with //, coraza will set a wrong value in REQUESTFILENAME. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza: , REQUESTFILENAME will be...

5.4CVSS0.00294EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/25 8:35 p.m.13 views

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

7.5CVSS6.6AI score0.00605EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/25 8:35 p.m.28 views

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

7.5CVSS7.6AI score0.00605EPSS
Exploits0References2
OSV
OSV
added 2023/08/25 8:35 p.m.16 views

CVE-2023-40586 go package github.com/corazawaf/coraza is vulnerable to denial of service

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of log.Fatalf, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an...

7.5CVSS7.4AI score0.00605EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/26 12:0 a.m.2 views

PT-2023-27522 · Owasp · Owasp Coraza Waf

Name of the Vulnerable Software and Affected Versions: OWASP Coraza WAF versions prior to 3.0.1 Description: The issue is caused by the misuse of log.Fatalf in the OWASP Coraza WAF library, which leads to the application crashing after receiving crafted requests from attackers. The application wi...

7.5CVSS7.3AI score0.00605EPSS
Exploits0References16
Kitploit
Kitploit
added 2022/04/17 12:30 p.m.317 views

OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library

Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites Linux distribution Debian and Centos are recommended, Windows i...

7.4AI score
Exploits0References9
Rows per page
Query Builder