2921 matches found

OSV
added 2026/04/02 4:16 p.m., 3 views

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 7.5, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 3

UbuntuCve
added 2026/04/02 4:16 p.m., 1 view

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 7.5, AI score 5.9, EPSS 0.00868
Exploits: 0, References: 2

Cvelist
added 2026/04/02 3:3 p.m., 20 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 6.8, EPSS 0.00868
Exploits: 0, References: 7

ATTACKERKB
added 2026/04/02 3:3 p.m., 7 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 6.8, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2026/04/02 3:3 p.m., 33 views

CVE-2026-33691

The CVE-2026-33691 issue affects OWASP CRS prior to versions 3.3.9 and 4.25.0, where whitespace padding in filenames bypasses the file-extension checks for dangerous extensions (.php, .phar, .jsp, .jspx) because the extension regex is not applied after normalizing whitespace. The vulnerability is...

CVSS 7.5, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 10, Affected Software: 1

Vulnrichment
added 2026/04/02 3:3 p.m., 2 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 6.8, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 7

EUVD
added 2026/04/02 3:3 p.m., 4 views

EUVD-2026-18352

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 6.8, AI score 5.7, EPSS 0.00868
Exploits: 0, References: 7

Debian CVE
added 2026/04/02 3:3 p.m., 4 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

CVSS 7.5, AI score 5.2, EPSS 0.00868
Exploits: 0

Debian
added 2026/03/30 3:20 p.m., 5 views

[SECURITY] [DLA 4518-1] phpseclib security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...

CVSS 8.2, AI score 5.9, EPSS 0.00376
Exploits: 1

Tenable Nessus
added 2026/03/30 12:0 a.m., 6 views

Debian dla-4518 : php-seclib - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4518 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected]...

CVSS 8.2, AI score 6, EPSS 0.00376
Exploits: 1, References: 6

Debian
added 2026/03/29 7:7 p.m., 3 views

[SECURITY] [DSA 6187-1] php-phpseclib3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

CVSS 8.2, AI score 5.9, EPSS 0.00376
Exploits: 1

Debian
added 2026/03/29 7:2 p.m., 5 views

[SECURITY] [DSA 6186-1] php-phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

CVSS 8.2, AI score 5.9, EPSS 0.00376
Exploits: 1

Debian
added 2026/03/29 6:54 p.m., 6 views

[SECURITY] [DSA 6185-1] phpseclib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq -...

CVSS 8.2, AI score 5.9, EPSS 0.00376
Exploits: 1

Tenable Nessus
added 2026/03/29 12:0 a.m., 3 views

Debian dsa-6187 : php-phpseclib3 - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6187 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected]...

CVSS 8.2, AI score 6, EPSS 0.00376
Exploits: 1, References: 7

Tenable Nessus
added 2026/03/29 12:0 a.m., 3 views

Debian dsa-6186 : php-phpseclib - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6186 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected]...

CVSS 8.2, AI score 5.9, EPSS 0.00376
Exploits: 1, References: 7

EUVD
added 2026/03/28 12:30 p.m., 3 views

EUVD-2016-10841

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6, AI score 6.4, EPSS 0.00203
Exploits: 1, References: 4

OSV
added 2026/03/28 12:16 p.m., 3 views

UBUNTU-CVE-2016-20044

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the...

CVSS 8.6, AI score 6.4, EPSS 0.00241
Exploits: 1, References: 5

UbuntuCve
added 2026/03/28 12:16 p.m., 1 view

CVE-2018-25220

Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwri...

CVSS 9.8, AI score 6.6, EPSS 0.00637
Exploits: 1, References: 4

UbuntuCve
added 2026/03/28 12:16 p.m., 4 views

CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6, AI score 6.4, EPSS 0.00203
Exploits: 1, References: 4

OSV
added 2026/03/28 12:16 p.m., 2 views

UBUNTU-CVE-2016-20043

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the...

CVSS 8.6, AI score 6.5, EPSS 0.00203
Exploits: 1, References: 5