Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2025/08/05 11:39 p.m.2 views

CVE-2025-54571 ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For example, we have demonstrate...

6.9CVSS6.2AI score0.00305EPSS
Exploits1References6
Cvelist
Cvelistadded 2025/07/02 3:3 p.m.6 views

CVE-2025-52891 ModSecurity empty XML tag causes segmentation fault

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least...

6.5CVSS0.00235EPSS
Exploits0References2
OSV
OSVadded 2025/05/26 7:11 a.m.5 views

BIT-MODSECURITY2-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS6.9AI score0.00615EPSS
Exploits1References3
The Hacker News
The Hacker Newsadded 2025/05/23 10:30 a.m.69 views

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall WAF on GitHub, with over 16.4K stars and a rapidly...

7.5AI score
Exploits0
CNNVD
CNNVDadded 2023/09/28 12:0 a.m.1 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. A cross-site scripting vulnerability exists in OPNsense versions prior to 23.7.5. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

5.4CVSS6AI score0.00197EPSS
Exploits1References4
Packet Storm
Packet Stormadded 2017/03/27 12:0 a.m.62 views

pfsense 2.3.2 Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: pfsense 2.3.2 Fixed in: 2.3.3 Fixed Version Link: https://pfsense.org/download/ Vendor Website: https://www.pfsense.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 02/06/2017 Disclosed ...

Exploits0
Rows per page
Query Builder