New WAF Objects: [total: 15]
==================================

Policy:
  name: 'CVE-2020-15906: Tiki Wiki Cms Groupware 16.x - 21.1 Authentication Bypass'
  id: '20000366'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: pass
      operation: MatchRegExp
      value: ^$
    - part: url
      operation: includes
      value: /tiki-login.php
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Signature:
  ID: '708543'
  Name: SELECT * FROM v$version
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="select", part="version", rgxp="(=|^)[\s\S]{0,200}select[\s\S]{0,200}v\$version[\s\S]{0,200}(=|$)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url
  - parameters
  - headers

Signature:
  ID: '708542'
  Name: '# select @@version'
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="select", part="@@version", rgxp="(=|^)[\s\S]{0,200}select\s@@version[\s\S]{0,200}(=|$)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url
  - parameters
  - headers

Policy:
  name: 'CVE-2025-57738: Apache Syncope - RCE'
  id: '20000365'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: includes
      value: /syncope/rest/implementations/COMMAND/
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Signature:
  ID: '708541'
  Name: SetTimeout Bypass
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="setTimeout", rgxp="setTimeout\s?\([\'\"\`][a-zA-Z]{1,15}[\'\"\`]\x2B[\'\`\"]"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url
  - parameters
  - headers

Policy:
  name: 'CVE-2026-41940 - cPanel and WHM - Auth Bypass #3'
  id: '20000364'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - GET
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Cookie
      operation: MatchRegExp
      value: whostmgrsession=[^,;\s]+,?$
    - part: url
      operation: includes
      value: /json-api/passwd
    - part: parameter
      name: user
      operation: includes
      value: root

Policy:
  name: 'CVE-2026-41940 - cPanel and WHM - Auth Bypass #2'
  id: '20000363'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Cookie
      operation: MatchRegExp
      value: whostmgrsession=[^,;\s]+,?$
    - part: url
      operation: includes
      value: /scripts2/listaccts
  - type: HTTP Request Method
    operation: At Least One
    values:
    - GET

Policy:
  name: CVE-2026-41940 - cPanel and WHM - Auth Bypass
  id: '20000362'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - GET
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Authorization
      operation: MatchRegExp
      value: (?i)basic\s+[A-Za-z0-9+/]*?(DQp|Cg==|Cg|DQ==)[A-Za-z0-9+/]*={0,2}
    - part: url
      operation: MatchRegExp
      value: \/$
    - part: header
      name: Cookie
      operation: includes
      value: whostmgrsession

Policy:
  name: 'CVE-2026-42208: LiteLLM - SQLi'
  id: '20000361'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: header
      name: Authorization
      operation: MatchRegExp
      value: (\'|\"|\`|\(|select|union)
    - part: header
      name: Authorization
      operation: includes
      value: Bearer
    - part: url
      operation: includes
      value: /chat/completions

Signature:
  ID: '708540'
  Name: Tomcat JMX Proxy to RCE via AccessLogValve Injection 4
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/manager/jmxproxy/", part="set=Catalina", part="AccessLogValve"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Signature:
  ID: '708539'
  Name: Tomcat JMX Proxy to RCE via AccessLogValve Injection 3
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/manager/jmxproxy", part="set=Catalina", part="att=docBase"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Policy:
  name: 'CVE-2020-35846: Cockpit CMS NoSQL Injection to Remote Code Execution'
  id: '20000358'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request Parameter Name
    operation: At Least One
    values:
    - user.$func
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: includes
      value: /auth/requestreset

Signature:
  ID: '708538'
  Name: Tomcat JMX Proxy to RCE via AccessLogValve Injection 2
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/manager/jmxproxy/", part="qry=*:*"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Signature:
  ID: '708537'
  Name: 'CVE-2026-3844: Breeze Cache WordPress <=2.4.4 allows unauthenticated file upload'
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/wp-comments-post.php", part="author", rgxp="author=[\s\S]{1,10}\ssrcset"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Policy:
  name: 'CVE-2026-27971: Qwik - Unauthenticated RCE via server$ Deserialization'
  id: '20000359'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: _objs
      operation: includes
      value: /node_modules/cross-spawn
    - part: header
      name: Content-Type
      operation: includes
      value: application/qwik-json
    - part: parameter
      name: qfunc
      operation: includes
      value: sync
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST