Modsecurity

4 CVEs product

Monthly

CVE-2025-54571 MEDIUM POC PATCH This Week

ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

XSS Apache Nginx Red Hat Modsecurity +1
NVD GitHub
CVSS 4.0: 6.9 | EPSS: 0.1%
CVE-2025-48866 HIGH POC PATCH This Week

ModSecurity versions prior to 2.9.10 contain a denial of service vulnerability in the `sanitiseArg` and `sanitizeArg` actions that allows unauthenticated remote attackers to cause service disruption by submitting requests with an excessive number of arguments. This is a network-accessible DoS vulnerability with high impact on availability that affects widely deployed WAF installations across Apache, IIS, and Nginx platforms.

Denial Of Service Apache Nginx Red Hat Modsecurity +1
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.4%
CVE-2025-47947 HIGH POC PATCH This Month

ModSecurity is an open source, cross-platform web application firewall (WAF) engine for Apache, IIS and Nginx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Denial Of Service Apache Nginx Red Hat Modsecurity +1
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.5%
CVE-2025-27110 HIGH POC PATCH This Week

Libmodsecurity is one component of the ModSecurity v3 project. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Information Disclosure Red Hat Modsecurity Suse
NVD GitHub
CVSS 4.0: 7.9 | EPSS: 0.1%
