New WAF Objects: [total: 14]
==================================
Signature:
    ID: '708484'
    Name: 'CVE-2025-55184 : React function DoS'
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="resolved_model", rgxp="\d{1,3}\.value\.then\=\$\d{1,3}\:then"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - parameters

Policy:
  name: 'CVE-2025-20393: Cisco AsyncOS Unsafe Deserialization RCE'
  id: '20000343'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: auth
      operation: MatchRegExp
      value: (\[\[#\d{1,5}\]\]){10,}
    - part: url
      operation: includes
      value: search

Policy:
  name: 'CVE-2025-37164 : HPE Oneview : Unauthenticated RCE'
  id: '20000342'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - PUT
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: cmd
      operation: MatchRegExp
      value: .
    - part: url
      operation: includes
      value: /rest/id-pools/executeCommand

Signature:
    ID: '708483'
    Name: DOM based XSS using frames
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="frames", rgxp="frames\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708482'
    Name: DOM based XSS using parent
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="parent", rgxp="(?<!menu-item-)parent\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708481'
    Name: DOM based XSS using this
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="this", rgxp="this\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708480'
    Name: DOM based XSS using top
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="top", rgxp="top\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708479'
    Name: DOM based XSS using window
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="window", rgxp="window\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Policy:
  name: 'CVE-2025-59718: Fortinet FortiCloud SSO - Authentication Bypass'
  id: '20000341'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: SAMLResponse
      operation: MatchRegExp
      value: \badmin\b
    - part: url
      operation: includes
      value: /remote/saml/login

Signature:
    ID: '708478'
    Name: 'CVE-2021-25003: WordPress Cargo Plugin - RCE'
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/wp-content/plugins/wpcargo/includes/barcode.php", part="text", part="filepath", rgxp="(?:\.php|\.phtml|\.pht|\.phar)"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708477'
    Name: 'CVE-2025-2945: pgAdmin RCE'
    Attack: Remote Command Execution - Blocking
    Attack Class: Remote Command Execution
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/sqleditor/query_tool/download/", part="query_commited="
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708475'
    Name: DOM based XSS using self
    Attack: Cross-Site Scripting - Blocking
    Attack Class: Cross-Site Scripting
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="self", rgxp="self\s?\[(\/|\'|\"|\(|\`|\d)[\s\S]{1,100}"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url-and-parameters

Signature:
    ID: '708474'
    Name: Directory Traversal - "/inetpub/wwwroot/index.asp"
    Attack: Directory Traversal
    Attack Class: Directory Traversal
    Dictionary: Recommended for Blocking for Web Applications
    Pattern: part="/inetpub/wwwroot/index.asp"
    Policy: Recommended Signatures Policy for Web Applications
    Search In:
    - url
    - parameters

Policy:
  name: 'CVE-2025-12762: pgAdmin authenticated RCE via Restore'
  id: '20000340'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: file
      operation: MatchRegExp
      value: \.sql
    - part: header
      name: Content-Type
      operation: includes
      value: application/json
    - part: parameter
      name: format
      operation: includes
      value: plain
    - part: url
      operation: includes
      value: /restore/job
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST