2025-07-14 and 2025-07-28 fixed

Author: fb1337

src/content/changelog/waf/2025-07-14-waf-release.mdx

@@ -12,7 +12,7 @@ This week’s vulnerability analysis highlights emerging web application threats
 
 - XSS – Attribute Overloading: A novel cross-site scripting technique where attackers abuse custom or non-standard HTML attributes to smuggle payloads into the DOM. These payloads evade traditional sanitization logic, especially in frameworks that loosely validate attributes or trust unknown tokens.
 - XSS – onToggle Event Abuse: Exploits the lesser-used onToggle event (triggered by elements like `<details>`) to execute arbitrary JavaScript when users interact with UI elements. This vector is often overlooked by static analyzers and can be embedded in seemingly benign components.
-- SQLi – Obfuscated Boolean Logic: An advanced SQL injection variant that uses non-standard Boolean expressions, comment-based obfuscation, or alternate encodings (for example, `/*!true*/`, `AND/**/1=1`) to bypass basic input validation and WAF signatures. This technique is particularly dangerous in dynamic query construction contexts.
+
 
 **Impact**
 
@@ -53,16 +53,5 @@ These vulnerabilities target both user-facing components and back-end databases,
 			<td>Block</td>
 			<td>This is a New Detection</td>
 		</tr>
-		<tr>
-			<td>Cloudflare Managed Ruleset</td>
-			<td>
-				<RuleID id="7663ea44178441a0b3205c145563445f" />
-			</td>
-			<td>100800</td>
-			<td>SQLi - Obfuscated Boolean</td>
-			<td>Log</td>
-			<td>Block</td>
-			<td>This is a New Detection</td>
-		</tr>
 	</tbody>
 </table>

src/content/changelog/waf/2025-07-28-waf-release.mdx

@@ -8,7 +8,6 @@ import { RuleID } from "~/components";
 
 This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a memory leak in Apache Tomcat can lead to a denial-of-service attack. Additionally, a code injection flaw in MongoDB's Mongoose library allows attackers to bypass security controls to access restricted data.
 
-
 **Key Findings**
 
 - Fortinet FortiWeb (CVE-2025-25257): An improper neutralization of special elements used in a SQL command vulnerability in Fortinet FortiWeb versions allows an unauthenticated attacker to execute unauthorized SQL code or commands.
@@ -88,17 +87,5 @@ These vulnerabilities target user-facing components, web application servers, an
 			<td>Log</td>
 			<td>Block</td>
 			<td>This is a New Detection</td>
-		</tr>
-			<tr>
-			<td>Cloudflare Managed Ruleset</td>
-			<td>
-				<RuleID id="9b5c5e13d2ca4253a89769f2194f7b2d" />
-			</td>
-			<td>100822</td>
-			<td>WordPress:Plugin:WPBookit - Remote Code Execution - CVE:CVE-2025-6058</td>
-			<td>Log</td>
-			<td>Block</td>
-			<td>This is a New Detection</td>
-		</tr>
 	</tbody>
 </table>