Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
25d4c83
Update blockers meta
actions-user Jun 11, 2026
e694494
Update blockers meta
actions-user Jun 12, 2026
d6eb941
Add vpatch-CVE-2024-8181 rule
crowdsec-automation Jun 12, 2026
8b94767
Add vpatch-CVE-2024-8181 test config
crowdsec-automation Jun 12, 2026
79533bb
Add CVE-2024-8181.yaml test
crowdsec-automation Jun 12, 2026
8cc6c6c
Add vpatch-CVE-2024-8181 rule to vpatch collection
crowdsec-automation Jun 12, 2026
5664fb5
Modify match condition in vpatch-CVE-2024-8181.yaml
he2ss Jun 12, 2026
ee964c1
Update vpatch-CVE-2024-8181.yaml
he2ss Jun 12, 2026
aa00d02
Merge pull request #41 from crowdsecurity/1781255703-vpatch-CVE-2024-…
he2ss Jun 12, 2026
7bb8361
Update index
actions-user Jun 12, 2026
5d1def8
Update taxonomy
actions-user Jun 12, 2026
86b4a77
Update blockers meta
actions-user Jun 12, 2026
0503705
Update blockers meta
actions-user Jun 13, 2026
3ccc972
Update blockers meta
actions-user Jun 13, 2026
ba16480
Update blockers meta
actions-user Jun 14, 2026
52e7027
Update blockers meta
actions-user Jun 14, 2026
54ef7ab
Update blockers meta
actions-user Jun 15, 2026
fdcc2d0
Update blockers meta
actions-user Jun 15, 2026
3e46e4c
Update blockers meta
actions-user Jun 16, 2026
b22a3b7
Update blockers meta
actions-user Jun 16, 2026
07f325c
Update blockers meta
actions-user Jun 17, 2026
6c0a81e
Add vpatch-CVE-2025-53693 rule
crowdsec-automation Jun 17, 2026
fa31e1a
Add vpatch-CVE-2025-53693 test config
crowdsec-automation Jun 17, 2026
fc73f4a
Add CVE-2025-53693.yaml test
crowdsec-automation Jun 17, 2026
2916025
Add vpatch-CVE-2025-53693 rule to vpatch collection
crowdsec-automation Jun 17, 2026
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions .appsec-tests/vpatch-CVE-2024-8181/CVE-2024-8181.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
## autogenerated on 2026-06-12 09:15:02
id: CVE-2024-8181
info:
name: CVE-2024-8181
author: crowdsec
severity: info
description: CVE-2024-8181 testing
tags: appsec-testing
http:
- raw:
- |
GET /api/v1/apikey?/api/v1/ping HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/plain, */*
Referer: {{RootURL}}/document-stores
cookie-reuse: true
matchers:
- type: status
status:
- 403
5 changes: 5 additions & 0 deletions .appsec-tests/vpatch-CVE-2024-8181/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
## autogenerated on 2026-06-12 09:15:02
appsec-rules:
- ./appsec-rules/crowdsecurity/base-config.yaml
- ./appsec-rules/crowdsecurity/vpatch-CVE-2024-8181.yaml
nuclei_template: CVE-2024-8181.yaml
21 changes: 21 additions & 0 deletions .appsec-tests/vpatch-CVE-2025-53693/CVE-2025-53693.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
## autogenerated on 2026-06-17 10:34:57
id: CVE-2025-53693
info:
name: CVE-2025-53693
author: crowdsec
severity: info
description: CVE-2025-53693 testing
tags: appsec-testing
http:
- raw:
- |
POST /-/xaml/Sitecore.Shell.Applications.Dialogs.ItemLister.ItemLister HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

__SOURCE=ItemLister&__PARAMETERS={"method":"AddToCache","parameters":["sitecore_cache_test_123456","<script>alert('x')</script>"]}
cookie-reuse: true
matchers:
- type: status
status:
- 403
5 changes: 5 additions & 0 deletions .appsec-tests/vpatch-CVE-2025-53693/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
## autogenerated on 2026-06-17 10:34:57
appsec-rules:
- ./appsec-rules/crowdsecurity/base-config.yaml
- ./appsec-rules/crowdsecurity/vpatch-CVE-2025-53693.yaml
nuclei_template: CVE-2025-53693.yaml
35 changes: 33 additions & 2 deletions .index.json

Large diffs are not rendered by default.

25 changes: 25 additions & 0 deletions appsec-rules/crowdsecurity/vpatch-CVE-2024-8181.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
## autogenerated on 2026-06-12 09:15:02
name: crowdsecurity/vpatch-CVE-2024-8181
description: 'Detects authentication bypass in Flowise <= 1.8.2 by matching unauthorized access to sensitive API endpoints.'
rules:
- and:
- zones:
- URI_FULL
transform:
- lowercase
- urldecode
match:
type: contains
value: '/api/v1/apikey?/api/v1/ping'

labels:
type: exploit
service: http
confidence: 3
spoofable: 0
behavior: 'http:exploit'
label: 'Flowise - Authentication Bypass'
classification:
- cve.CVE-2024-8181
- attack.T1190
- cwe.CWE-287
34 changes: 34 additions & 0 deletions appsec-rules/crowdsecurity/vpatch-CVE-2025-53693.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
## autogenerated on 2026-06-17 10:34:57
name: crowdsecurity/vpatch-CVE-2025-53693
description: 'Detects Sitecore XAML AjaxScriptManager cache poisoning via AddToCache reflection method.'
rules:
- and:
- zones:
- URI
transform:
- lowercase
match:
type: contains
value: '/-/xaml/'
- zones:
- BODY_ARGS
variables:
- __parameters
transform:
- lowercase
- urldecode
match:
type: contains
value: 'addtocache'

labels:
type: exploit
service: http
confidence: 3
spoofable: 0
behavior: 'http:exploit'
label: 'Sitecore - Cache Poisoning'
classification:
- cve.CVE-2025-53693
- attack.T1190
- cwe.CWE-20
42 changes: 21 additions & 21 deletions blockers.json

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions collections/crowdsecurity/appsec-virtual-patching.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ appsec-rules:
- crowdsecurity/vpatch-CVE-2023-22527
- crowdsecurity/vpatch-CVE-2024-5057
- crowdsecurity/vpatch-CVE-2023-35078
- crowdsecurity/vpatch-CVE-2025-53693
- crowdsecurity/vpatch-CVE-2023-35082
- crowdsecurity/vpatch-CVE-2023-24000
- crowdsecurity/vpatch-CVE-2022-22954
Expand Down Expand Up @@ -123,6 +124,7 @@ appsec-rules:
- crowdsecurity/vpatch-CVE-2019-5418
- crowdsecurity/vpatch-CVE-2025-52488
- crowdsecurity/vpatch-CVE-2025-49132
- crowdsecurity/vpatch-CVE-2024-8181
- crowdsecurity/vpatch-CVE-2026-21643
- crowdsecurity/vpatch-CVE-2025-47812
- crowdsecurity/vpatch-CVE-2024-51977
Expand Down
22 changes: 22 additions & 0 deletions taxonomy/scenarios.json
Original file line number Diff line number Diff line change
Expand Up @@ -3043,6 +3043,28 @@
"CWE-303"
]
},
"crowdsecurity/vpatch-CVE-2024-8181": {
"name": "crowdsecurity/vpatch-CVE-2024-8181",
"description": "Detects authentication bypass in Flowise <= 1.8.2 by matching unauthorized access to sensitive API endpoints.",
"label": "Flowise - Authentication Bypass",
"behaviors": [
"http:exploit"
],
"mitre_attacks": [
"TA0001:T1190"
],
"confidence": 3,
"spoofable": 0,
"cti": true,
"service": "http",
"created_at": "2026-06-12T09:15:06",
"cves": [
"CVE-2024-8181"
],
"cwes": [
"CWE-287"
]
},
"crowdsecurity/vpatch-CVE-2024-8190": {
"name": "crowdsecurity/vpatch-CVE-2024-8190",
"description": "Ivanti Cloud Services Appliance - RCE (CVE-2024-8190)",
Expand Down
Loading