Every CVE whose affected-product data names Trustwave Modsecurity, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2024-46292 — CVSS 7.5 (high): A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name…
CVE-2021-42717 — CVSS 7.5 (high): ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could…
CVE-2022-48279 — CVSS 7.5 (high): In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application…
CVE-2023-24021 — CVSS 7.5 (high): Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer…
CVE-2025-47947 — CVSS 7.5 (high): ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including…
CVE-2013-1915 — CVSS 7.5 (high): ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of…
CVE-2025-27110 — CVSS 7.5 (high): Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking…
CVE-2013-5705 — CVSS 5.0 (medium): apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a…
CVE-2012-4528 — CVSS 5.0 (medium): The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data…
CVE-2013-2765 — CVSS 5.0 (medium): The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer…
CVE-2009-1902 — CVSS 5.0 (medium): The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form…
CVE-2012-2751 — CVSS 4.3 (medium): ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in…
CVE-2009-5031 — CVSS 4.3 (medium): ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass…
CVE-2009-1903 — CVSS 4.3 (medium): The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a…