5096 matches found
CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...
EUVD-2026-1669
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...
CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts
The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...
CVE-2026-21876
CVE-2026-21876 : The OWASP ModSecurity Core Rule Set (CRS) had a bug in rule 922110 that affects multipart requests. In earlier versions (before 4.22.0 and 3.3.8), when a chain iterates over a collection (e.g., MULTIPART_PART_HEADERS), capture variables TX:0 and TX:1 are overwritten on each itera...
Cyber Threat Detection and Vulnerability Assessment System Using Generative AI and Large Language Model
Background: Cyber-attacks have evolved rapidly in recent years, many individuals and business owners have been affected by cyber-attacks in various ways. Cyber-attacks include various threats such as ransomware, malware, phishing, and Denial of Service DoS-related attacks. Challenges: Traditional...
PT-2026-2115
Name of the Vulnerable Software and Affected Versions OWASP Core Rule Set versions prior to 4.22.0 OWASP Core Rule Set versions prior to 3.3.8 Description A bug in rule 922110 affects the processing of multipart requests with multiple parts. When the first rule in a chain iterates over a collecti...
CVE-2019-25278
FaceSentry Access Control System 6.4.8 is vulnerable to a cleartext transmission issue that enables remote attackers to perform MiTM attacks and intercept authentication credentials (e.g., HTTP cookie data) during network communications. The vulnerability stems from transmitting credentials in cl...
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because dopopupregister can be bypassed via clickjacking...
[SECURITY] Fedora 43 Update: libpcap-1.10.6-1.fc43
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
A Cyberattack Was Part of the US Assault on Venezuela
We don't have many details: President Donald Trump suggested Saturday that the U.S. used cyberattacks or other technical capabilities to cut power off in Caracas during strikes on the Venezuelan capital that led to the capture of Venezuelan President Nicolás Maduro. If true, it would mark one of...
FoolishScan
Foolish Scan v2.3 Gold Master Context-Aware CTF & Lab Re...
FoolishScan-
Foolish Scan v2.3 Gold Master Context-Aware CTF & Lab Re...
CVE-2024-55374
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts...
libpcap 1.10.6
Libpcap is a portable packet capture library which is used in many packet sniffers, including tcpdump...
SUSE CVE-2025-11961
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
WordPress WP Email Capture plugin <= 3.12.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Arif Shaikh in WordPress Plugin WP Email Capture versions = 3.12.5...
AZL-73335 CVE-2025-11961 affecting package libpcap for versions less than 1.10.6-1
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
CVE-2025-11961
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
AZL-73373 CVE-2025-11961 affecting package libpcap for versions less than 1.10.1-5
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
ctf-writeups
No d...