11 matches found
EUVD-2023-55697
Malicious code in bioql PyPI...
EUVD-2023-0966
Malicious code in bioql PyPI...
EUVD-2023-1062
Malicious code in bioql PyPI...
CVE-2023-26047
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26046
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2024-56524
CVE-2024-56524 — Radware Cloud WAF: The Radware Cloud Web Application Firewall before 2025-05-07 allows bypass of firewall filtering by adding a special character to the request (and by non-deterministic GET-body data in some reports). The CVE affects Radware Cloud WAF versions prior to the patch...
CVE-2025-29914 OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Prior to 3.3.3, if a request is made on a URI starting with //, coraza will set a wrong value in `REQUEST_FILENAME`. For example, if the URI //bar/uploads/foo.php?a=b is passed to coraza, `REQUEST_FILENAME` will be...
Shanshi Netcom WAF Command Execution Vulnerability
Web Application Firewall (WAF) is a professional and intelligent Web application security protection product, which comprehensively applies intelligent analysis and semantic analysis technology in Web asset discovery, vulnerability assessment, traffic learning, threat localization, etc., to help...
CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability
When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed U...
CVE-2023-26047 teler-waf contains detection rule bypass via entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...