
8 matches found

OSV
added 2025/01/28 12:0 a.m. | 20 views

OPENSUSE-SU-2025:14708-1 owasp-modsecurity-crs-4.9.0-1.1 on GA media

These are all security issues fixed in the owasp-modsecurity-crs-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9 | AI score 9.7 | EPSS 0.94432
Exploits: 5 | References: 2
OSV
added 2022/09/02 6:15 p.m. | 25 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 4
NVD
added 2022/09/02 6:15 p.m. | 16 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

CVSS 9.8 | EPSS 0.00261
Exploits: 1 | References: 4
Cvelist
added 2022/09/02 12:0 a.m. | 24 views

CVE-2020-22669

Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications...

AI score 9.8 | EPSS 0.00261
Exploits: 1 | References: 3
CVE
added 2022/09/02 12:0 a.m. | 60 views

CVE-2020-22669

CVE-2020-22669 affects the OWASP ModSecurity CRS; a SQL injection bypass exists in ModSecurity CRS versions including 3.2.0 PL1. Reports describe bypass via SQL syntax comments/variable assignments that defeat CRS protections. Debian and Mageia advisories indicate remediation by upgrading CRS to ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00261
Exploits: 1 | References: 4 | Affected Software: 1
Positive Technologies
added 2022/09/02 12:0 a.m. | 2 views

PT-2022-8647 · Unknown +1 · Modsecurity +2

Name of the Vulnerable Software and Affected Versions: Modsecurity owasp-modsecurity-crs version 3.2.0 Description: The issue allows attackers to bypass Modsecurity WAF protection using comment characters and variable assignments in SQL syntax, enabling them to implement SQL injection attacks on...

CVSS 9.8 | AI score 7.9 | EPSS 0.00903
Exploits: 4 | References: 42
NVD
added 2019/04/21 2:29 a.m. | 8 views

CVE-2019-11388

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes...

CVSS 5.3 | AI score 5.2 | EPSS 0.0051
Exploits: 1 | References: 2
NVD
added 2019/04/21 2:29 a.m. | 10 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

CVSS 5.3 | AI score 5.3 | EPSS 0.0051
Exploits: 1 | References: 2