Improper error handling: CVE-2025-54571 - 2025 August
We would like to share our take on CVE-2025-54571, which was published on August 5, 2025.
Blogs
DoS vulnerability: CVE-2025-52891 - 2025 July
We would like to share our take on CVE-2025-52891, which was published on July 1, 2025.
DoS vulnerability: CVE-2025-48866 - 2025 June
We would like to share our take on CVE-2025-48866, which was published on June 2, 2025.
ModSecurity-nginx connector - new release: v1.0.4
The OWASP ModSecurity team is pleased to announce the release of ModSecurity-nginx connector version 1.0.4. This version includes a mixture of new features and bug fixes.
Possible DoS vulnerability: CVE-2025-47947 - 2025 May
We would like to share our take on CVE-2025-47947, which was published on May 21, 2025.
HTML Entity Decoding Regression: CVE-2025-27110 - 2025 February
We would like to share our take on CVE-2025-27110, which was published on February 25, 2025.
Use PCRE2 as default - 2025 February
It’s time to switch to using the PCRE library.
About CVE-2024-46292 - 2024 October
We would like to share our take on CVE-2024-46292, which was published on October 9 2024.
New versions - 2024 September
The OWASP ModSecurity team is pleased to announce the release of versions 2.9.8 and 3.0.13. These versions both include a mixture of new features and bug fixes.
ModSecurity.org: website available again
After a long period, the modsecurity.org website is available again with renewed content and form.