29 matches found
"What Is the Problem Space?" Defining Host-Space Adversarial Perturbations against Network Intrusion Detection Systems
Network Intrusion Detection Systems NIDS are now increasingly leveraging Machine Learning ML techniques to detect malicious network activities. Numerous papers have scrutinized the security of ML-based NIDS ML-NIDS by testing them against various attacks involving adversarial perturbations. The...
BIT-MODSECURITY2-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
BIT-MODSECURITY-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
PT-2026-38472
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-30923
CVE-2026-30923 affects libModSecurity3 (ModSecurity v3) where a rule using the t:hexDecode transformation can trigger a segmentation fault when inspecting a single-character query string, causing worker process crashes and denial of service. All versions prior to 3.0.15 are affected; the issue is...
CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-30923 libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
CVE-2026-30923
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
EUVD-2026-27422
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...
GHSA-5478-66C3-RHXR Pretext: Algorithmic Complexity (DoS) in the text analysis phase
isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing On² total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...
kernel: audit: fix out-of-bounds read in audit_compare_dname_path()
An out of bounds read exists in the linux kernel such that when a watch on dir=/ is combined with an fsnotify event for a single-character name directly under root an out-of-bounds read can occur in auditcomparednamepath...
kernel: audit: fix out-of-bounds read in audit_compare_dname_path()
An out of bounds read exists in the linux kernel such that when a watch on dir=/ is combined with an fsnotify event for a single-character name directly under root an out-of-bounds read can occur in auditcomparednamepath...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts...
CVE-2025-60954
CVE-2025-60954 affects Microweber CMS 2.0, where the password reset flow enforces no minimum length or complexity, allowing extremely weak (even single-character) passwords and risking account compromise, including admin accounts. The vulnerability surface is the password reset process in Microwe...
EUVD-2017-16807
Malware in sbrugna...
EUVD-2023-46400
Malicious code in bioql PyPI...
EUVD-2025-30360
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-39840
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in auditcomparednamepath When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / e.g., creating /a, an out-of-bounds read can occur in...
CVE-2025-39840
The CVE-2025-39840 in the Linux kernel is a fixed out-of-bounds read in audit_compare_dname_path() when a watch on / coincides with a single-character create under / (e.g., /a). The root cause is that parent_len() returns 1 for "/"; audit_compare_dname_path() can set pathlen to 0 and dereference ...