11 matches found
CVE-2026-22034
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
DEBIAN-CVE-2026-22034
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
CVE-2026-22034
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
CVE-2026-22034
Summary: CVE-2026-22034 affects Snuffleupagus prior to v0.13.0 where enabling the non-default upload validation feature to use upstream VLD scripts, without the VLD extension available to the CLI SAPI, causes all files in multipart POST requests to be evaluated as PHP code. This can enable remote...
CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
EUVD-2026-1676
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
CVE-2026-22034
Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...
PT-2026-2140
Name of the Vulnerable Software and Affected Versions Snuffleupagus versions prior to 0.13.0 Description Snuffleupagus is a module designed to increase the cost of attacks against websites by eliminating bug classes and offering a virtual patching system. In deployments of Snuffleupagus before...
Snuffleupagus 安全漏洞
Snuffleupagus is a security module by Julien Voisin Personal Developer. A security vulnerability exists in Snuffleupagus versions prior to 0.13.0, which stems from a misconfiguration of the upload validation feature that could result in files in multipart POST requests being evaluated as PHP code...