About CVE 2026-30923 and 2026-30923
We would like to share our take on CVE-2026-30923 and CVE-2026-30923, which were published on April 28, 2026, as well as some additional issues that were fixed.
Blogs
How Big Is Too Big? A Deep Dive into ModSecurity Request Body Limits
Have you ever wondered what exactly the request body limits mean in ModSecurity and how they work?
Improper error handling: CVE-2025-54571 - 2025 August
We would like to share our take on CVE-2025-54571, which was published on August 5, 2025.
DoS vulnerability: CVE-2025-52891 - 2025 July
We would like to share our take on CVE-2025-52891, which was published on July 1, 2025.
DoS vulnerability: CVE-2025-48866 - 2025 June
We would like to share our take on CVE-2025-48866, which was published on June 2, 2025.
ModSecurity-nginx connector - new release: v1.0.4
The OWASP ModSecurity team is pleased to announce the release of ModSecurity-nginx connector version 1.0.4. This version includes a mixture of new features and bug fixes.
Possible DoS vulnerability: CVE-2025-47947 - 2025 May
We would like to share our take on CVE-2025-47947, which was published on May 21, 2025.
HTML Entity Decoding Regression: CVE-2025-27110 - 2025 February
We would like to share our take on CVE-2025-27110, which was published on February 25, 2025.
Use PCRE2 as default - 2025 February
It’s time to switch to using the PCRE library.
About CVE-2024-46292 - 2024 October
We would like to share our take on CVE-2024-46292, which was published on October 9 2024.