Lucene search
K

983 matches found

RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52761

A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...

5.8CVSS6AI score0.00438EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request bo...

8.6CVSS6AI score0.0046EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits0References3
NVD
NVD
added 4 days ago7 views

CVE-2026-52761

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8tounicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS0.00438EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits0References3
CVE
CVE
added 4 days ago16 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.0046EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.0046EPSS
Exploits0References5
Debian CVE
Debian CVE
added 4 days ago4 views

CVE-2026-52761

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8tounicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0
CVE
CVE
added 4 days ago18 views

CVE-2026-52761

Affected software: ModSecurity WAF for Apache/IIS/Nginx. A vulnerability in the t:utf8toUnicode transformation (src/actions/transformations/utf8_to_unicode.cc) in 3.0.0–3.0.15, where snprintf uses sizeof on a char pointer instead of the unicode buffer length on i386, can allow bypassing rules tha...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-52761 ModSecurity: Transformation utf8toUnicode produces wrong output on i386 architecture

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8tounicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS0.00438EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2026-52761 ModSecurity: Transformation utf8toUnicode produces wrong output on i386 architecture

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8tounicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55934

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8 to unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a...

5.8CVSS5.9AI score0.00438EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55924

Name of the Vulnerable Software and Affected Versions ModSecurity versions prior to 3.0.16 Description The multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS POST. This occurs becau...

8.6CVSS6.1AI score0.0046EPSS
Exploits0References11
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-12.fc44

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS7AI score0.03459EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-12.fc43

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS7AI score0.03459EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

Fedora 44 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-b8e751787c)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b8e751787c advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-vts: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebui...

9.2CVSS6.1AI score0.03459EPSS
Exploits4References4
Fedora
Fedora
added 2026/06/01 1:1 a.m.31 views

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-11.fc43

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
Fedora
Fedora
added 2026/05/28 1:13 a.m.17 views

[SECURITY] Fedora 44 Update: nginx-mod-modsecurity-1.0.4-11.fc44

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
Rows per page
Query Builder