New WAF Objects: [total: 13]
==================================

Signature:
  ID: '708550'
  Name: SQL Injection Obfuscation - chr and nchr
  Attack: SQL Injection - Blocking
  Attack Class: SQL Injection
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="chr", part="\x7c\x7c", part="chr", part="\x7c\x7c", rgxp="[\)'\"`][\s\S]{0,300}(n?chr\s?\([^)]*?\)\s?\|\|\s?){3,}"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url
  - parameters
  - headers

Signature:
  ID: '708549'
  Name: 'CVE-2026-42945: NGINX - RCE'
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/api/", part="+++", rgxp="^\/api\/.{500,}"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url

Policy:
  name: CVE-2026-35616 - FortiClient EMS Pre-Auth Bypass
  id: "20000372"
  minimum version: "10.0"
  predicates:
  - type: HTTP Request Header Name
    operation: At Least One
    values:
    - X-SSL-CLIENT-CERT
    - X-SSL-CLIENT-VERIFY
  - type: HTTP Request
    operation: Match Any
    match values:
    - part: url
      operation: includes
      value: /api/v1/system/version
    - part: url
      operation: includes
      value: /api/v1/fabric_device_auth/fortigate/init
    - part: url
      operation: includes
      value: /api/v1/system/capabilities
    - part: url
      operation: includes
      value: /api/v1/settings/server/public_address
    - part: url
      operation: includes
      value: /api/v1/fortigate/info

Signature:
  ID: '708548'
  Name: RFI using paste[.]rs
  Attack: Remote Command Execution - Blocking
  Attack Class: Remote Command Execution
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="paste.rs", rgxp="paste\.rs\/\w{1,}"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Policy:
  name: 'CVE-2021-32849: Gerapy RCE Vulnerability'
  id: '20000371'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: address
      operation: MatchRegExp
      value: '[`;|&]'
    - part: url
      operation: includes
      value: /api/project/clone
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Policy:
  name: 'CVE-2021-21389: BuddyPress - REST API Privilege Escalation to RCE'
  id: '20000370'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request Header Name
    operation: At Least One
    values:
    - X-WP-Nonce
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: roles
      operation: includes
      value: administrator
    - part: url
      operation: includes
      value: /wp-json/buddypress/v1/members/

Policy:
  name: 'CVE-2021-34621: WordPress Privilege Escalation'
  id: '20000369'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: action
      operation: includes
      value: pp_ajax_signup
    - part: parameter
      name: wp_capabilities[administrator]
      operation: includes
      value: '1'
    - part: url
      operation: includes
      value: /wp-admin/admin-ajax.php

Policy:
  name: |-
    CVE-2021-21425: GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
  id: '20000368'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST
  - type: HTTP Request
    operation: Match All
    match values:
    - part: parameter
      name: task
      operation: includes
      value: SaveDefault
    - part: url
      operation: includes
      value: /admin/config/scheduler

Policy:
  name: |-
    CVE-2021-33690: Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure
  id: '20000367'
  minimum version: '10.0'
  predicates:
  - type: HTTP Request Parameter Name
    operation: At Least One
    values:
    - CBS
  - type: HTTP Request
    operation: Match All
    match values:
    - part: url
      operation: includes
      value: /tc.CBS.Appl/tcspseudo
  - type: HTTP Request Method
    operation: At Least One
    values:
    - POST

Signature:
  ID: '708547'
  Name: CVE-2026-23870- React DoS
  Attack: Denial of Service - Blocking
  Attack Class: Denial of Service
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="\x22\x2c\x22\x24", rgxp="(?:\x22\x24\w{1,20}\x22\x2c\s?){50}"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters

Signature:
  ID: '708546'
  Name: 'CVE-2026-22679: Weaver E-cology - RCE'
  Attack: Illegal Resource Access - Blocking
  Attack Class: Illegal Resource Access
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/papi/esearch/data/devops/dubboApi/debug/method", rgxp="(interfaceName|methodName)"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters

Signature:
  ID: '708545'
  Name: SetInterval Bypass
  Attack: Cross-Site Scripting - Blocking
  Attack Class: Cross-Site Scripting
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="setInterval", rgxp="setInterval\s?\([\'\"\`][a-zA-Z]{1,15}[\'\"\`]\x2B[\'\`\"]"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - parameters
  - headers

Signature:
  ID: '708544'
  Name: CVE-2026-7567- WP Temporary Login Plugin - Auth Bypass
  Attack: Authentication Bypass - Blocking
  Attack Class: Authentication Bypass
  Dictionary: Recommended for Blocking for Web Applications
  Pattern: part="/wp-admin", part="temp-login-token[]"
  Policy: Recommended Signatures Policy for Web Applications
  Search In:
  - url-and-parameters