
41 matches found

Exploit DB
added 2026/05/13 12:0 a.m. | 58 views

coreruleset 4.21.0 - Firewall Bypass

Exploit Title: coreruleset 4.21.0 - Firewall Bypass Date: 04/08/2026 Exploit Author: Daytrift Newgen Vendor Homepage: https://github.com/coreruleset Software Link: https://github.com/coreruleset/coreruleset Version: 4.22.0/3.3.8 Tested on: Fedora, MacOS CVE : CVE-2026-21876 import base64 import o...

CVSS 9.3 | AI score 6 | EPSS 0.03371
Exploits: 4

OSV
added 2026/03/15 5:55 a.m. | 4 views

OESA-2026-1573 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 5.7 | EPSS 0.03371
Exploits: 4 | References: 2

Packet Storm
added 2026/02/23 12:0 a.m. | 97 views

📄 OWASP CRS WAF Bypass

OWASP core rule set CRS versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...

CVSS 9.3 | AI score 5.5 | EPSS 0.03371
Exploits: 4

OpenVAS
added 2026/02/23 12:0 a.m. | 6 views

Debian: Security Advisory (DLA-4488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 5.4 | EPSS 0.03371
Exploits: 4 | References: 2

Tenable Nessus
added 2026/02/05 12:0 a.m. | 2 views

Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1399)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1399 advisory. The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when...

CVSS 9.3 | AI score 5.9 | EPSS 0.03371
Exploits: 4 | References: 4

Debian
added 2026/01/21 9:51 p.m. | 3 views

[SECURITY] [DSA 6105-1] modsecurity-crs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2026 https://www.debian.org/security/faq -...

CVSS 9.3 | AI score 5.4 | EPSS 0.03371
Exploits: 4

Tenable Nessus
added 2026/01/21 12:0 a.m. | 3 views

Debian dsa-6105 : modsecurity-crs - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6105 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/...

CVSS 9.3 | AI score 5.9 | EPSS 0.03371
Exploits: 4 | References: 5

OSV
added 2026/01/16 11:59 a.m. | 3 views

OESA-2026-1108 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03371
Exploits: 4 | References: 2

OSV
added 2026/01/16 11:59 a.m. | 2 views

OESA-2026-1107 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03371
Exploits: 4 | References: 2

OSV
added 2026/01/16 11:59 a.m. | 2 views

OESA-2026-1106 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03371
Exploits: 4 | References: 2

OSV
added 2026/01/16 11:59 a.m. | 3 views

OESA-2026-1105 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03371
Exploits: 4 | References: 2

OSV
added 2026/01/08 2:15 p.m. | 2 views

DEBIAN-CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 5.3 | AI score 5.6 | EPSS 0.03371
Exploits: 4 | References: 1

NVD
added 2026/01/08 2:15 p.m. | 6 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 9.3 | EPSS 0.03371
Exploits: 4 | References: 6

Debian CVE
added 2026/01/08 1:55 p.m. | 6 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

CVSS 9.3 | AI score 5.6 | EPSS 0.03371
Exploits: 4

Tenable Nessus
added 2025/11/12 12:0 a.m. | 1 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2025-2400)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on...

CVSS 6.5 | AI score 7.1 | EPSS 0.00257
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/07 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2023-21876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.31 and prior. Easily...

CVSS 4.9 | AI score 6 | EPSS 0.0046
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 8:31 p.m. | 2 views

CVE-2021-21876

Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability...

CVSS 9.1 | AI score 7.2 | EPSS 0.04042
Exploits: 1 | References: 1

OSV
added 2025/03/29 5:58 a.m. | 1 views

BELL-CVE-2025-21876

Bulletin has no description...

CVSS 5.5 | AI score 7.2 | EPSS 0.00018
Exploits: 0 | References: 1

Debian CVE
added 2025/03/27 2:57 p.m. | 18 views

CVE-2025-21876

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit "iommu/vt-d: Allocate DMAR fault interrupts locally" moved the call to enable_drhd_fault_handling to a code path that does not hold any lock while traversing the drhd list. Fix it by...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0

CVE
added 2025/03/27 2:57 p.m. | 86 views

CVE-2025-21876

CVE-2025-21876 - Linux kernel iommu/vt-d : The issue arises from a code path in enable_drhd_fault_handling() that traverses the DMAR drhd list without holding the required dmar_global_lock, triggering a “suspicious RCU usage” warning. The fix (commit d74169ceb0d2) ensures dmar_global_lock is held...

CVSS 5.5 | AI score 6.8 | EPSS 0.00018
Exploits: 0 | References: 3 | Affected Software: 1