Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

July 2, 2025

Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

A newly discovered denial-of-service vulnerability in the ModSecurity Web Application Firewall (WAF) engine has security experts on high alert.
The flaw, designated CVE-2025-52891, affects specific ve …

Published Date:
Jul 02, 2025 (3 hours, 36 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-52891

CVE-2025-48866

Source: Read More

Previous ArticleCitrix warns of login issues after NetScaler auth bypass patch

Next Article Forminator plugin flaw exposes WordPress sites to takeover attacks

Highlights

CVE-2025-50738 – Apache Memos Information Disclosure Cross-Site Request Forgery

July 29, 2025

CVE ID : CVE-2025-50738

Published : July 29, 2025, 3:15 p.m. | 8 hours, 44 minutes ago

Description : The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user’s IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

CVE-2025-48918 – Drupal Simple Klaro Cross-site Scripting (XSS)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

YouTube Tests AI Feature That Will Completely Change How You Search for Videos

Build a Secure AI Code Execution Workflow Using Daytona SDK

CVE-2025-50738 – Apache Memos Information Disclosure Cross-Site Request Forgery

Publix Deli Shirt

Rilasciato il kernel Linux 6.16: ecco le novità

Sudoku – solve Sudoku puzzles

Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags

Related Posts