CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

158 matches found

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

7.5CVSS5.8AI score0.00031EPSS

Exploits0References3

RedhatCVE•added 2026/04/03 12:11 p.m.•1 views

CVE-2026-33691

A flaw was found in the OWASP core rule set CRS, a set of generic attack detection rules for web application firewalls. A remote attacker could exploit this vulnerability by inserting whitespace padding into filenames during file uploads. This bypasses the file extension checks, allowing the uplo...

7.5CVSS5.9AI score0.00031EPSS

Exploits0References2

Packet Storm News•added 2026/04/03 12:0 a.m.•2 views

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

6.8CVSS5.8AI score0.00031EPSS

Exploits0

OSV•added 2026/04/02 4:16 p.m.•3 views

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.7AI score0.00031EPSS

Exploits0References3

EUVD•added 2026/04/02 3:3 p.m.•3 views

EUVD-2026-18352

6.8CVSS5.7AI score0.00031EPSS

Exploits0References7

ATTACKERKB•added 2026/04/02 3:3 p.m.•3 views

CVE-2026-33691

6.8CVSS5.7AI score0.00031EPSS

Exploits0References8Affected Software1

Vulnrichment•added 2026/04/02 3:3 p.m.•1 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

6.8CVSS5.7AI score0.00031EPSS

Exploits0References7

CNNVD•added 2026/04/02 12:0 a.m.•3 views

OWASP CRS 安全漏洞

OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...

7.5CVSS5.8AI score0.00031EPSS

Exploits0References8

OSV•added 2026/03/15 5:55 a.m.•3 views

OESA-2026-1573 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

9.3CVSS5.7AI score0.03984EPSS

Exploits4References2

Debian•added 2026/01/21 9:51 p.m.•3 views

[SECURITY] [DSA 6105-1] modsecurity-crs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2026 https://www.debian.org/security/faq -...

9.3CVSS5.4AI score0.03984EPSS

Exploits4

OSV•added 2026/01/16 11:59 a.m.•3 views

OESA-2026-1108 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•2 views

OESA-2026-1107 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•2 views

OESA-2026-1106 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•3 views

OESA-2026-1103 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

RedhatCVE•added 2026/01/09 10:9 a.m.•5 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3CVSS6.8AI score0.0051EPSS

Exploits1References1

OSV•added 2026/01/08 2:15 p.m.•0 views

UBUNTU-CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

9.3CVSS5.8AI score0.03984EPSS

Exploits4References7

UbuntuCve•added 2026/01/08 2:15 p.m.•3 views

CVE-2026-21876

9.3CVSS6AI score0.03984EPSS

Exploits4References6

CVE•added 2026/01/08 1:55 p.m.•159 views

CVE-2026-21876

CVE-2026-21876 : The OWASP ModSecurity Core Rule Set (CRS) had a bug in rule 922110 that affects multipart requests. In earlier versions (before 4.22.0 and 3.3.8), when a chain iterates over a collection (e.g., MULTIPART_PART_HEADERS), capture variables TX:0 and TX:1 are overwritten on each itera...

9.3CVSS6.5AI score0.03984EPSS

Exploits4References6Affected Software1

OSV•added 2026/01/08 1:55 p.m.•2 views

CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts

9.3CVSS6.7AI score0.03984EPSS

Exploits4References7

EUVD•added 2026/01/08 1:55 p.m.•1 views

EUVD-2026-1669

9.3CVSS6.3AI score0.03984EPSS

Exploits4References5

Rows per page