10 matches found
CVE-2026-61718 bunkerweb: Read-only Web UI users can delete job cache files due to missing authorization on /cache/ routes
bunkerweb is an Open-source and next-generation Web Application Firewall WAF. From 1.6.2 until 1.6.12, the BunkerWeb web UI BiscuitMiddleware authorization bypass list included the /cache/ URL prefix, so routes in src/ui/app/routes/cache.py protected only by @loginrequired, including POST...
CVE-2026-61718
Bunkerweb (WAF) exposes a vulnerability in versions 1.6.2–1.6.12 where the BiscuitMiddleware authorization bypass for the /cache/ routes allowed low-privilege read-only users to delete job cache files. Specifically, routes in src/ui/app/routes/cache.py were only protected by @login_required despi...
Exploit for CVE-2026-41940
SessionScribe - CVE-2026-41940 Detection, mitigation, and rev...
Debian dla-4488 : modsecurity-crs - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4488 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4488-1 [email protected]...
web-application-firewall
🔒 Project 2 — WAF Rule Development & Evasion Testing Projec...
[SECURITY] [DLA 4265-1] modsecurity-crs security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...
Debian dla-4265 : modsecurity-crs - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4265 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4265-1 [email protected]...
Wafaray - Enhance Your Malware Detection With WAF + YARA (WAFARAY)
WAFARAY is a LAB deployment based on Debian 11.3.0 stable x64 made and cooked between two main ingredients WAF + YARA to detect malicious files e.g. webshells, virus, malware, binaries typically through web functions upload files. Purpose In essence, the main idea came to use WAF + YARA YARA...
SUSE CVE-2022-39955
The OWASP ModSecurity Core Rule Set CRS is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" nam...
UBUNTU-CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...