CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

190 matches found

RedhatCVE•added 2026/04/29 2:48 p.m.•2 views

CVE-2026-7139

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

10CVSS8.1AI score0.01221EPSS

Exploits0References1

Packet Storm•added 2026/04/27 12:0 a.m.•44 views

📄 OWASP CRS 3.3.9 / 4.25.x LTS / 4.8.x File Upload Bypass

This proof of concept demonstrating a weakness in some web applications protected by OWASP Core Rule Set CRS or similar filters, where file upload validation can be bypassed using ambiguous filename formatting...

5.3AI score

Exploits0

Tenable Nessus•added 2026/04/21 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

7.5CVSS5.8AI score0.00031EPSS

Exploits0References3

RedhatCVE•added 2026/04/03 12:11 p.m.•1 views

CVE-2026-33691

A flaw was found in the OWASP core rule set CRS, a set of generic attack detection rules for web application firewalls. A remote attacker could exploit this vulnerability by inserting whitespace padding into filenames during file uploads. This bypasses the file extension checks, allowing the uplo...

7.5CVSS5.9AI score0.00031EPSS

Exploits0References2

Packet Storm News•added 2026/04/03 12:0 a.m.•2 views

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

6.8CVSS5.8AI score0.00031EPSS

Exploits0

OSV•added 2026/04/02 4:16 p.m.•3 views

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.7AI score0.00031EPSS

Exploits0References3

EUVD•added 2026/04/02 3:3 p.m.•3 views

EUVD-2026-18352

6.8CVSS5.7AI score0.00031EPSS

Exploits0References7

ATTACKERKB•added 2026/04/02 3:3 p.m.•2 views

CVE-2026-33691

6.8CVSS5.7AI score0.00031EPSS

Exploits0References8Affected Software1

Vulnrichment•added 2026/04/02 3:3 p.m.•1 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

6.8CVSS5.7AI score0.00031EPSS

Exploits0References7

CNNVD•added 2026/04/02 12:0 a.m.•3 views

OWASP CRS 安全漏洞

OWASP CRS is a set of open-source attack detection rules developed by the CRS Project. Versions prior to OWASP CRS 3.3.9 and 4.25.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of standardization in file extension checks for spaces, which could lead to bypassing...

7.5CVSS5.8AI score0.00031EPSS

Exploits0References8

OSV•added 2026/03/15 5:55 a.m.•3 views

OESA-2026-1573 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

9.3CVSS5.7AI score0.03984EPSS

Exploits4References2

Debian•added 2026/01/21 9:51 p.m.•3 views

[SECURITY] [DSA 6105-1] modsecurity-crs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 21, 2026 https://www.debian.org/security/faq -...

9.3CVSS5.4AI score0.03984EPSS

Exploits4

OSV•added 2026/01/16 11:59 a.m.•3 views

OESA-2026-1108 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•2 views

OESA-2026-1107 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•2 views

OESA-2026-1106 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•3 views

OESA-2026-1103 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

RedhatCVE•added 2026/01/10 5:40 a.m.•2 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

9.3CVSS6.8AI score0.03984EPSS

Exploits4References1

RedhatCVE•added 2026/01/09 10:9 a.m.•5 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

5.3CVSS6.8AI score0.0051EPSS

Exploits1References1

OSV•added 2026/01/08 2:15 p.m.•0 views

UBUNTU-CVE-2026-21876

9.3CVSS5.8AI score0.03984EPSS

Exploits4References7