The tweet announces the open-source release of Biubo WAF, a Web Application Firewall. It highlights several advanced features designed to enhance secu ...April 26, 2026
This tweet reveals a bypass technique for the Cloudflare Web Application Firewall (WAF) specifically targeting Cross-Site Scripting (XSS) vulnerabilit ...April 26, 2026
XSSNow is a community-driven knowledge base that focuses on real-world Cross-Site Scripting (XSS) payloads. It is designed to support security researc ...April 26, 2026
This tweet reflects on the experience of a security researcher who specialized in finding and sharing serious and effective Cross-Site Scripting (XSS) ...April 26, 2026
This tweet indicates that the user has discovered a bypass for a Cloudflare Web Application Firewall (WAF). They mention that they might write about t ...April 26, 2026
The tweet requests a Cloudflare WAF (Web Application Firewall) bypass. However, no specific payload is provided in the tweet. Cloudflare WAF is design ...April 26, 2026
The tweet is a query directed at user @Psycho10k_ asking if there are any write-ups available about their WAF bypass methods. No specific vulnerabilit ...April 26, 2026
This tweet describes a complex WAF bypass scenario affecting multiple subdomains (16 in total). The bypass leverages a path normalization desynchroniz ...April 26, 2026
The tweet discusses a WAF Bypass Cheat Sheet shared by BugBountyCenter, which is criticized for having glaring errors such as using 4 dots for path tr ...April 25, 2026
This tweet discusses a security bypass concerning ModSecurity 3.0, a popular Web Application Firewall (WAF). The bypass involves using a combination o ...April 25, 2026
This tweet highlights an important security issue: authorization bypass in AI prompt platforms. Unlike many common security bypasses that target Web A ...April 25, 2026
This tweet shares a WAF (Web Application Firewall) Bypass Cheat Sheet that includes detection tips and bypass techniques for multiple popular WAF vend ...April 25, 2026
This tweet describes a successful bypass of a Web Application Firewall (WAF) that led to Remote Code Execution (RCE) and obtaining a reverse shell. Th ...April 25, 2026
This bypass technique targets Web Application Firewalls (WAFs) by leveraging how they interpret Next.js requests. Specifically, many WAFs see Next.js ...April 25, 2026
This tweet describes a security testing scenario where a SQL Injection vulnerability was found on a web endpoint. Using the tool sqlmap, the tester di ...April 25, 2026
This bypass technique targets the CloudFront Web Application Firewall (WAF) which protects web applications by filtering and monitoring HTTP requests. ...April 25, 2026
This tweet discusses the behavior of Kotak's Web Application Firewall (WAF) and highlights an important discrepancy in its protection coverage. T ...April 25, 2026
This tweet shares a valuable resource—a WAF Bypass Cheat Sheet containing detection tips and bypass payloads for many leading WAF products. It cover ...April 25, 2026
This tweet highlights a common limitation in using rate limiting as a defense mechanism against DDoS attacks. Rate limiting controls traffic based on ...April 25, 2026
A user is inquiring if there have been any disclosures or reports about bypassing the Web Application Firewall (WAF) implemented by Vercel during an e ...April 25, 2026
The tweet mentions bypass techniques discussed in a talk called "Playing Cat and Mouse with WAF: the React2Shell Vercel CTF" from DEVCORE CO ...April 25, 2026
This tweet highlights a critical security issue where browser vulnerabilities can bypass web application firewalls (WAFs) and other edge protection me ...April 25, 2026
The tweet discusses multiple topics related to cybersecurity, including a supply-chain attack on a security scanner, discrepancies in WAF backend pars ...April 25, 2026
This tweet highlights a critical WAF bypass vulnerability reported to AikidoSecurity and Intigriti involving an account takeover and stored XSS (Cross ...April 25, 2026
The tweet mentions the capabilities of Claude and other current AI coding models, highlighting their strength. It states that a data crawling tool whi ...April 25, 2026
This tweet discusses a security risk that bypasses the need for Web Application Firewall (WAF) bypasses altogether. It highlights that abandoned DNS r ...April 25, 2026
This tweet highlights that traditional WAFs and API gateways struggle to detect and block business logic attacks, which are complex attacks targeting ...April 25, 2026
This tweet highlights a critical SQL Injection vulnerability identified as CVE-2026-21643 in FortiClient EMS. Attackers are actively exploiting this v ...April 25, 2026
This tweet discusses a concept related to LLM (Large Language Model) jailbreaks. It clarifies that LLM jailbreaks are not prompt injections, which are ...April 25, 2026