Lucene search
+L

5 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

7.5CVSS6AI score0.02172EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 3:3 p.m.8 views

EUVD-2026-18352

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.7AI score0.02172EPSS
Exploits0References7
CVE
CVE
added 2026/01/08 1:55 p.m.194 views

CVE-2026-21876

CVE-2026-21876 : The OWASP ModSecurity Core Rule Set (CRS) had a bug in rule 922110 that affects multipart requests. In earlier versions (before 4.22.0 and 3.3.8), when a chain iterates over a collection (e.g., MULTIPART_PART_HEADERS), capture variables TX:0 and TX:1 are overwritten on each itera...

9.3CVSS6.5AI score0.13124EPSS
Exploits4References6Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/21 12:0 a.m.7 views

PT-2019-12277 · Owasp +1 · Owasp Modsecurity Core Rule Set +1

Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions through 3.1.0 Description: An issue was discovered that allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested...

5.3CVSS6.9AI score0.01625EPSS
Exploits1References11
Packet Storm
Packet Storm
added 2018/03/23 12:0 a.m.53 views

ModSecurity For Nginx Use-After-Free

Hey, TL;DR: UAF in a "non-release" version of ModSecurity for Nginx. !RCE|DoS, no need to panic. Plus some old and even older exploitation vectors. / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In...

7.1AI score
Exploits0
Rows per page
Query Builder