Lucene search
+L

10 matches found

Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes

bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...

5.4CVSS0.00306EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-61718

Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...

5.4CVSS6.1AI score0.00306EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/30 2:32 p.m.156 views

Exploit for CVE-2026-41940

SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...

9.8CVSS7.1AI score0.981EPSS
Exploits64
Tenable Nessus
Tenable Nessus
added 2026/02/22 12:0 a.m.4 views

Debian dla-4488 : modsecurity-crs - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4488 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4488-1 [email protected]...

9.8CVSS5.8AI score0.13124EPSS
Exploits4References6
GithubExploit
GithubExploit
added 2025/09/27 9:3 p.m.375 views

web-application-firewall

🔒 Project 2 — WAF Rule Development & Evasion Testing Projec...

8.1AI score
Exploits0
Debian
Debian
added 2025/08/08 9:0 p.m.74 views

[SECURITY] [DLA 4265-1] modsecurity-crs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...

9.8CVSS8.6AI score0.01115EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Debian dla-4265 : modsecurity-crs - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4265 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected]...

9.8CVSS7.8AI score0.01115EPSS
Exploits1References12
Kitploit
Kitploit
added 2023/05/18 12:30 p.m.40 views

Wafaray - Enhance Your Malware Detection With WAF + YARA (WAFARAY)

WAFARAY is a LAB deployment based on Debian 11.3.0 stable x64 made and cooked between two main ingredients WAF + YARA to detect malicious files e.g. webshells, virus, malware, binaries typically through web functions upload files. Purpose In essence, the main idea came to use WAF + YARA YARA...

7.6AI score
Exploits0References22
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39955

The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...

9.8CVSS7.3AI score0.01115EPSS
Exploits0References3
OSV
OSV
added 2019/07/09 7:15 p.m.4 views

UBUNTU-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5CVSS7.1AI score0.01466EPSS
Exploits1References4
Rows per page
Query Builder