New WAF Objects: [total: 27] ================================== Policy: name: 'CVE-2025-11833: WordPress Post SMTP Plugin - Account Takeover' id: '20000338' minimum version: '10.0' predicates: - type: HTTP Request Method operation: At Least One values: - POST - type: HTTP Request operation: Match All match values: - part: url operation: includes value: /wp-login.php - part: parameter name: view operation: includes value: log - part: parameter name: page operation: includes value: postman_email_log - part: parameter name: action operation: includes value: lostpassword - part: parameter name: wp-submit operation: includes value: Get New Password Policy: name: 'CVE-2025-6389: WP Sneeit Plugin - RCE' id: '20000337' minimum version: '10.0' predicates: - type: HTTP Request Method operation: At Least One values: - POST - type: HTTP Request operation: Match All match values: - part: parameter name: callback[callable] operation: MatchRegExp value: . - part: parameter name: callback[args][] operation: MatchRegExp value: . - part: parameter name: action operation: includes value: sneeit_articles_pagination - part: url operation: includes value: /wp-admin/admin-ajax.php Signature: ID: '708465' Name: OOB attack using .praetorianlabs.dev Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".praetorianlabs.dev" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708464' Name: OOB attack using .watchtowr.com Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".watchtowr.com" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708463' Name: OOB attack using .securitytrails.com Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".securitytrails.com" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708462' Name: OOB attack using .pingsafe.co.in Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".pingsafe.co.in" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708461' Name: OOB attack using .qualifiedpartslist.com Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".qualifiedpartslist.com" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708460' Name: OOB attack using .googlet1.com Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".googlet1.com" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708459' Name: OOB attack using .interactred.net Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".interactred.net" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708458' Name: OOB attack using .ptt-responder.io Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".ptt-responder.io" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708452' Name: 'CVE-2025-61757: Oracle Identity Manager - RCE' Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Pattern: part="/iam/governance/applicationmanagement/", rgxp="(\/templates|\/api\/v1\/applications\/groovyscriptstatus)\;\.wadl" Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Signature: ID: '708457' Name: OOB attack using .ceye.io Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".ceye.io" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708456' Name: OOB attack using .kiv.im Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".kiv.im" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708455' Name: OOB attack using et.h4.vc Attack: Automation Attack - Blocking Attack Class: Automation Attack Dictionary: Recommended for Blocking for Web Applications Pattern: part=".et.h4.vc" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708453' Name: OOB attack using gr4c.cc Attack: Authentication Bypass - Blocking Attack Class: Authentication Bypass Dictionary: Recommended for Blocking for Web Applications Pattern: part=".gr4c.cc" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708449' Name: Server-side Template Injection in lodash.js Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Pattern: part="JSON.stringify", part=".env", rgxp="^[\s\S]{1,20}=\$\s?\{\s?json\.stringify\s?\([\s\S]{1,15}\.env\s?\)\}" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708451' Name: SQLi using integer casting with > before the = Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="'>=", rgxp="[\w]{1,30}\x27\s?>=\s?[\d]+\s?(?:\-\-|\x23)[\s\S]{0,5}$" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708450' Name: SQLi using integer casting with <> Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="'<>", rgxp="[\w]{1,30}\x27\s?<>\s?[\d]+\s?(?:\-\-|\x23)[\s\S]{0,5}$" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708448' Name: SQLi using integer casting with < before the = Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="'<=", rgxp="[\w]{1,30}\x27\s?<=\s?[\d]+\s?(?:\-\-|\x23)[\s\S]{0,5}$" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708447' Name: SQLi using integer casting Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="'=0", rgxp="[\w]{1,30}\'\s?=\s?[\d]+\s?(?:\-\-|#)[\s\S]{0,5}$" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708446' Name: Select int payload Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="select", part="int", rgxp="[\'\`\'\;]select\s?\([\s\S]{1,50}\)\s?::\s?int\s?=\s?\d{1,20}[\s\s]{0,100}(--|#)" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Signature: ID: '708445' Name: xss bypass join with triple parentheses Attack: Cross-Site Scripting - Blocking Attack Class: Cross-Site Scripting Dictionary: Recommended for Blocking for Web Applications Pattern: part=".join(", rgxp="<[\s\S]{1,80}\[[\s\S]{1,80}\]\.join\([\s\S]{1,70}[()]{3,}" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters Signature: ID: '708444' Name: 'CVE-2024-9707: Hunk Companion - Unauthorized Plugin Installation' Attack: Illegal Resource Access - Blocking Attack Class: Illegal Resource Access Dictionary: Recommended for Blocking for Web Applications Pattern: part="/wp-json/hc/v1/themehunk-import", rgxp="plugin" Policy: Recommended Signatures Policy for Web Applications Search In: - url-and-parameters Signature: ID: '708443' Name: 'CVE-2024-9234: Unauthenticated Arbitrary File Upload' Attack: 'Illegal Resource Access - Blocking' Attack Class: 'Illegal Resource Access' Dictionary: 'Recommended for Blocking for Web Applications' Pattern: 'part="/wp-json/gutenkit/v1/install-active-plugin", part="plugin"' Policy: 'Recommended Signatures Policy for Web Applications' Search In: - 'url-and-parameters' Signature: ID: "708442" Name: Jackson RCE Java Class - "org.springframework.context.support.ClassPathXmlApplicationContext" Attack: Remote Command Execution - Blocking Attack Class: Remote Command Execution Dictionary: Recommended for Blocking for Web Applications Pattern: part="org.springframework.context.support.ClassPathXmlApplicationContext" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers - request-body Signature: ID: "708441" Name: SQLI using SELECT INTO DUMPFILE Attack: SQL Injection - Blocking Attack Class: SQL Injection Dictionary: Recommended for Blocking for Web Applications Pattern: part="select", part="into", part="dumpfile", rgxp="select\s?into\s?dumpfile\s?[\'\"][\s\S]{1,100}[\'\"];" Policy: Recommended Signatures Policy for Web Applications Search In: - parameters - headers Policy: name: 'CVE-2025-12101: NetScaler ADC and NetScaler Gateway (Citrix) - XSS' id: '20000335' minimum_version: '10.0' predicates: - type: HTTP Request operation: Match All match values: - part: parameter name: RelayState operation: MatchRegExp value: . - part: url operation: includes value: /cgi/logout - type: HTTP Request Method operation: At Least One values: - POST