Lucene search
+L

1627 matches found

thn
thn
added yesterday6 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
cve
cve
added 6 days ago19 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.00476EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 6 days ago33 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.00476EPSS
Exploits1References3
euvd
euvd
added 2026/07/06 8:25 p.m.4 views

EUVD-2026-25014

printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...

4.4CVSS5.9AI score0.0017EPSS
Exploits1References6
nvd
nvd
added 2026/06/29 8:17 p.m.8 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS0.00473EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 8:17 p.m.10 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

9.8CVSS0.00438EPSS
Exploits0References1
cve
cve
added 2026/06/29 8:3 p.m.26 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/29 8:3 p.m.63 views

CVE-2026-13762

CVE-2026-13762 involves an vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
ibm
ibm
added 2026/06/29 3:55 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ip-address-10.1.0.tgz which is vulnerable to CVE-2026-42338

Summary IBM Maximo Application Suite - Visual Inspection component uses ip-address-10.1.0.tgz which is vulnerable to CVE-2026-42338. This bulletin contains information regarding the vulnerability and its remediation Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library f...

8.1CVSS6.6AI score0.00471EPSS
Exploits1Affected Software1
ibm
ibm
added 2026/06/29 1:4 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.18 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.6 views

PT-2026-53691

Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References8
euvd
euvd
added 2026/06/27 12:30 a.m.7 views

EUVD-2026-39924

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.4CVSS5.9AI score0.00459EPSS
Exploits0References3
nvd
nvd
added 2026/06/26 11:17 p.m.14 views

CVE-2026-33560

The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...

8.8CVSS0.00459EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.10 views

PT-2026-52989

Name of the Vulnerable Software and Affected Versions DMP-5000 affected versions not specified Description The file service allows authenticated users to upload files of any type without validation. The system does not enforce file extension filtering or content inspection, which enables the uplo...

8.8CVSS5.8AI score0.00459EPSS
Exploits0References9
osv
osv
added 2026/06/25 8:57 p.m.5 views

USN-8477-1 tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1References2
ubuntu
ubuntu
added 2026/06/25 8:57 p.m.11 views

USN-8477-1: tar vulnerability

It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...

5.5CVSS5.8AI score0.0043EPSS
Exploits1
nessus
nessus
added 2026/06/24 12:0 a.m.7 views

RHEL 10 : skopeo (RHSA-2026:29035)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29035 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References10
osv
osv
added 2026/06/22 6:16 p.m.4 views

DEBIAN-CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS5.9AI score0.00176EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 6:16 p.m.18 views

CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS0.00176EPSS
Exploits0References1
Rows per page
Query Builder