6 matches found

RedhatCVE
added 2026/04/03 12:11 p.m. | 1 views

CVE-2026-33691

A flaw was found in the OWASP core rule set CRS, a set of generic attack detection rules for web application firewalls. A remote attacker could exploit this vulnerability by inserting whitespace padding into filenames during file uploads. This bypasses the file extension checks, allowing the uplo...

CVSS 7.5 | AI score 5.9 | EPSS 0.00031
Exploits: 0 | References: 2

OSV
added 2026/01/16 11:59 a.m. | 2 views

OESA-2026-1105 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

CVSS 9.3 | AI score 6.8 | EPSS 0.03984
Exploits: 4 | References: 2

CNNVD
added 2024/03/06 12:0 a.m. | 3 views

Jenkins OWASP Dependency-Check Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 7.3 | AI score 5.8 | EPSS 0.01117
Exploits: 0 | References: 2

CNNVD
added 2021/06/22 12:0 a.m. | 2 views

OWASP ESAPI Security Vulnerability

OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. A security vulnerability exists in OWASP ESAPI version 2.0 RC2 and prior versions. The vulnerability stems from a padding oracle attack...

CVSS 5.9 | AI score 6 | EPSS 0.00204
Exploits: 0 | References: 2

RedHat Linux
added 2020/08/17 1:28 p.m. | 2 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

CVSS 9.8 | AI score 7.2 | EPSS 0.0696
Exploits: 0 | References: 4

OSV
added 2016/12/24 6:59 p.m. | 2 views

UBUNTU-CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

CVSS 6.1 | AI score 6.4 | EPSS 0.00539
Exploits: 0 | References: 3