1627 matches found
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...
CVE-2026-52747
Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...
CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...
EUVD-2026-25014
printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...
CVE-2026-13763
Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...
CVE-2026-13762
Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...
CVE-2026-13763
This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...
CVE-2026-13762
CVE-2026-13762 involves an vulnerability in Amazon CloudFront when AWS WAF is enabled. The issue arises from an inconsistent interpretation of HTTP/2 requests, which can allow remote actors to bypass AWS WAF managed body‑inspection by fragmenting the request body across frames so that only a part...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses ip-address-10.1.0.tgz which is vulnerable to CVE-2026-42338
Summary IBM Maximo Application Suite - Visual Inspection component uses ip-address-10.1.0.tgz which is vulnerable to CVE-2026-42338. This bulletin contains information regarding the vulnerability and its remediation Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library f...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892
Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...
PT-2026-53692
Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...
PT-2026-53691
Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...
EUVD-2026-39924
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...
CVE-2026-33560
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and...
PT-2026-52989
Name of the Vulnerable Software and Affected Versions DMP-5000 affected versions not specified Description The file service allows authenticated users to upload files of any type without validation. The system does not enforce file extension filtering or content inspection, which enables the uplo...
USN-8477-1 tar vulnerability
It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...
USN-8477-1: tar vulnerability
It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms...
RHEL 10 : skopeo (RHSA-2026:29035)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29035 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...
DEBIAN-CVE-2026-53538
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
CVE-2026-53538
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...