Changelog
WAF Release - 2026-02-02
This week’s release introduces new detections for CVE-2025-64459 and CVE-2025-24893.
Key Findings
- CVE-2025-64459: Django versions prior to 5.1.14, 5.2.8, and 4.2.26 are vulnerable to SQL injection via crafted dictionaries passed to QuerySet methods and the Q() class.
- CVE-2025-24893: XWiki allows unauthenticated remote code execution through crafted requests to the SolrSearch endpoint, affecting the entire installation.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
| --- | --- | --- | --- | --- | --- | --- |
| Cloudflare Managed Ruleset | | N/A | XWiki - Remote Code Execution - CVE:CVE-2025-24893 2 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | | N/A | Django SQLI - CVE:CVE-2025-64459 | Log | Block | This is a new detection. |
| Cloudflare Managed Ruleset | | N/A | NoSQL, MongoDB - SQLi - Comparison - 2 | Block | Block | Rule metadata description refined. Detection unchanged. |