VYPR
Vendor: Trustwave

Products: 21
CVEs: 61
Across products: 64
Status: Private

Recent CVEs

  • CVE-2017-18001 | Critical | Dec 31, 2017
    risk 0.68 | cvss 9.8 | epss 0.14

    Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

  • CVE-2026-21876 | Critical | Jan 8, 2026
    risk 0.57 | cvss 9.3 | epss 0.13

    The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a…

  • CVE-2026-40316 | High | Apr 15, 2026
    risk 0.50 | cvss 8.8 | epss 0.00

    OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the…

  • CVE-2018-16384 | High | Sep 3, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.

  • CVE-2025-27371 | Medium | Mar 3, 2025
    risk 0.45 | cvss 6.9 | epss 0.00

    In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521,…

  • CVE-2025-27370 | Medium | Mar 3, 2025
    risk 0.45 | cvss 6.9 | epss 0.00

    OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including…

  • CVE-2026-42268 | High | May 12, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator)…

  • CVE-2026-30923 | High | May 5, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string…

  • CVE-2018-13065 | Medium | Jul 3, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured

  • CVE-2026-33691 | Medium | Apr 2, 2026
    risk 0.37 | cvss 6.8 | epss 0.01

    The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx)…

  • CVE-2025-52891 | Medium | Jul 2, 2025
    risk 0.35 | cvss 6.5 | epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is…

  • CVE-2026-7510 | Medium | Apr 30, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The…

  • CVE-2026-3816 | Medium | Mar 9, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated…

  • CVE-2012-4528 | Dec 28, 2012
    risk 0.04 | cvss n/a | epss 0.13

    The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.

  • CVE-2009-1902 | Jun 3, 2009
    risk 0.04 | cvss n/a | epss 0.14

    The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form data POST request with a missing part header name, which triggers a NULL pointer dereference.

  • CVE-2007-1359 | Mar 8, 2007
    risk 0.04 | cvss n/a | epss 0.07

    Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still…

  • CVE-2007-4385 | Aug 17, 2007
    risk 0.03 | cvss n/a | epss 0.03

    OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation…

  • CVE-2025-54571 | Aug 5, 2025
    risk 0.00 | cvss n/a | epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP response’s Content-Type, which could lead to several issues depending on the HTTP scenario. For…

  • CVE-2025-48866 | Jun 2, 2025
    risk 0.00 | cvss n/a | epss 0.01

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the…

  • CVE-2025-47947 | May 21, 2025
    risk 0.00 | cvss n/a | epss 0.01

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is…