Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770
2025-07-22
Microsoft disclosed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, that are exploited to attack SharePoint servers....
Continue reading »
Resolving a request smuggling vulnerability in Pingora
2025-05-22
Cloudflare patched a vulnerability (CVE-2025-4366) in the Pingora OSS framework, which exposed users of the framework and Cloudflare CDN’s free tier to potential request smuggling attacks....
Vulnerability transparency: strengthening security through responsible disclosure
2025-05-16
In line with CISA’s Secure By Design pledge, Cloudflare shares its vulnerability disclosure process, CVE issuance criteria, and CNA duties. ...
Disrupting FlyingYeti's campaign targeting Ukraine
2024-05-30
Cloud Email SecurityCloudflare WorkersCloudforce OneCVEExploitGitHubIntrusion DetectionMalwareMicrosoftPhishingRemote Browser IsolationRussiaServerlessThreat DataThreat IntelligenceThreat OperationsUkraineVulnerabilities
In April and May 2024, Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine...
All Cloudflare customers protected from the Atlassian Confluence CVE-2023-22515
2023-10-04
On 2023-10-04 at 13:00 UTC, Atlassian released details of the zero-day vulnerability described as “Privilege Escalation Vulnerability in Confluence Data Center and Server” (CVE-2023-22515), a zero-day vulnerability impacting Confluence Server and Data Center products...
MORE POSTS
April 25, 2023 1:07 PM
SLP: a new DDoS amplification vector in the wild
Researchers have recently published the discovery of a new DDoS reflection/amplification attack vector leveraging the SLP protocol. Cloudflare expects the prevalence of SLP-based DDoS attacks to rise in the coming weeks...
- By
January 31, 2023 2:00 PM
CVE-2022-47929: traffic control noqueue no problem?
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands....
- By
June 03, 2022 5:30 AM
Cloudflare customers are protected from the Atlassian Confluence CVE-2022-26134
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability....
- By
March 31, 2022 3:13 PM
WAF mitigations for Spring4Shell
Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...
- By
March 29, 2022 3:51 PM
CVE-2022-1096: How Cloudflare Zero Trust provides protection from zero day browser vulnerabilities
CVE-2022-1096 is yet another zero day vulnerability affecting web browsers. Cloudflare zero trust mitigates the risk of zero day attacks in the browser and has been patched...
- By