WAF

The WAF rule deployed yesterday to block unsafe deserialization-based RCE has been updated. The rule description now reads “React – RCE – CVE-2025-55182”, explicitly mapping to the recently disclosed React Server Components vulnerability. Detection logic remains unchanged. Key Findings Rule…

This week's emergency release introduces a new rule to block a critical RCE vulnerability in widely-used web frameworks through unsafe deserialization patterns. Key Findings New WAF rule deployed for RCE Generic Framework to block malicious POST requests containing unsafe deserialization…

This week’s release introduces new detections for remote code execution attempts targeting Monsta FTP (CVE-2025-34299), alongside improvements to an existing XSS detection to enhance coverage. Key Findings CVE-2025-34299 is a critical remote code execution flaw in Monsta FTP, arising from…

This week highlights enhancements to detection signatures improving coverage for vulnerabilities in FortiWeb, linked to CVE-2025-64446, alongside new detection logic expanding protection against PHP Wrapper Injection techniques. Key Findings This vulnerability enables an unauthenticated attacker to bypass access controls by…

This week’s release introduces a critical detection for CVE-2025-61757, a vulnerability in the Oracle Identity Manager REST WebServices component. Key Findings This flaw allows unauthenticated attackers with network access over HTTP to fully compromise the Identity Manager, potentially leading to…

This week highlights enhancements to detection signatures improving coverage for vulnerabilities in DELMIA Apriso, linked to CVE-2025-6205. Key Findings This vulnerability allows unauthenticated attackers to gain privileged access to the application. The latest update provides enhanced detection logic for resilient…