5561 matches found

CVE (added 2026/04/02 3:03 p.m., 42 views)

CVE-2026-33691

The CVE-2026-33691 issue affects OWASP CRS prior to versions 3.3.9 and 4.25.0, where whitespace padding in filenames bypasses the file-extension checks for dangerous extensions (.php, .phar, .jsp, .jspx) because the extension regex is not applied after normalizing whitespace. The vulnerability is...

CVSS 7.5 | AI score 5.7 | EPSS 0.01025
Exploits: 0 | References: 10 | Affected software: 1
Cvelist (added 2026/04/02 3:03 p.m., 30 views)

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP Core Rule Set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace...

CVSS 6.8 | EPSS 0.01025
Exploits: 0 | References: 7
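As an added example for the two CRS entries above (Ruby written for this page, not a CRS rule and not ModSecurity code), the check logic the advisory describes: an anchored extension blocklist applied to the raw filename, beside the same regex applied after whitespace normalization. The sample filenames are constructed test inputs, not cases from the advisory.

```ruby
# Added illustration, not OWASP CRS's rule text: the extension blocklist the
# advisory describes, checked with and without whitespace normalization.

# Anchored with \z (absolute end of string). Ruby's $ would also accept a
# trailing newline, which would hide the padding problem for that one character.
DANGEROUS_EXT = /\.(?:php|phar|jsp|jspx)\z/i

# The check as the advisory describes the flaw: the regex runs on the raw
# submitted filename. Padding such as "shell.php " moves the extension off
# the end of the string, so the anchored pattern never matches.
def dangerous_extension_naive?(filename)
  DANGEROUS_EXT.match?(filename)
end

# Normalization step applied before the regex. For a detection rule the
# conservative choice is to remove every whitespace character (space, tab,
# CR, LF, form feed, vertical tab), not only to trim the ends.
def normalize_filename(filename)
  filename.gsub(/\s+/, '')
end

def dangerous_extension?(filename)
  DANGEROUS_EXT.match?(normalize_filename(filename))
end

# Constructed sample filenames (not taken from the advisory).
SAMPLES = [
  'shell.php',        # plain: both checks catch it
  'shell.php ',       # trailing space: naive check misses it
  "shell.jspx\t",     # trailing tab: naive check misses it
  " shell.phar\r\n",  # padded on both sides
  'notes.txt',        # benign
].freeze

# Returns [filename, naive_verdict, normalized_verdict] for each sample.
def compare(samples = SAMPLES)
  samples.map { |f| [f, dangerous_extension_naive?(f), dangerous_extension?(f)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |f, naive, fixed|
    puts "#{f.inspect.ljust(20)} naive=#{naive} normalized=#{fixed}"
  end
end
```

Real CRS rules run inside ModSecurity and express normalization through transformation functions rather than a pre-processing call like the one above; the point carried over is only that the anchored extension pattern must see the filename after padding has been removed.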
ATTACKERKB (added 2026/04/02 2:45 p.m., 1 view)

CVE-2026-34804

Endian Firewall version 3.3.25 and prior allows stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 3 | Affected software: 1
CVE (added 2026/04/02 2:45 p.m., 9 views)

CVE-2026-34804

Endian Firewall

CVSS 6.4 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 2 | Affected software: 1
Snyk (added 2026/04/02 12:03 a.m., 3 views)

Improper Following of a Certificate's Chain of Trust

Overview: Affected versions of this package are vulnerable to Improper Following of a Certificate's Chain of Trust in the TLS client/server authentication for database cluster connections. An attacker can gain unauthorized access to the cluster, read and modify sensitive data, escalate privileges,...

CVSS 10 | AI score 5.9 | EPSS 0.00381
Exploits: 1 | References: 3
Packet Storm News (added 2026/04/02 12:00 a.m., 10 views)

RuleForge: Automated Generation and Validation for Web Vulnerability Detection at Scale

Security teams face a challenge: the volume of newly disclosed Common Vulnerabilities and Exposures (CVEs) far exceeds the capacity to manually develop detection mechanisms. In 2025, the National Vulnerability Database published over 48,000 new vulnerabilities, motivating the need for automation. W...

AI score 5.9
Exploits: 0
Positive Technologies (added 2026/04/02 12:00 a.m., 5 views)

PT-2026-29764

Endian Firewall version 3.3.25 and prior allows stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVSS 6.4 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 3
CNNVD (added 2026/04/02 12:00 a.m., 8 views)

Rack security vulnerability

Rack is a modular Ruby web server interface developed by the Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Static's applicable_rules evaluating header rules against PATH_INFO while the original URL is still encoded. The underlyin...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 1
Positive Technologies (added 2026/04/02 12:00 a.m., 4 views)

PT-2026-29695

SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...

CVSS 5.3 | AI score 5.9 | EPSS 0.00225
Exploits: 0 | References: 1
CNNVD (added 2026/04/02 12:00 a.m., 6 views)

Endian Firewall cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

CVSS 6.4 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 2
Positive Technologies (added 2026/04/02 12:00 a.m., 2 views)

PT-2026-29919

Summary: Rack::Static's applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the heade...

CVSS 5.3 | AI score 5.9 | EPSS 0.00195
Exploits: 0 | References: 4
Tenable Nessus (added 2026/04/02 12:00 a.m., 11 views)

Linux Distros Unpatched Vulnerability : CVE-2026-23402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE. Adjust KVM's sanity check against overwriting a shadow-present SPTE with another...

CVSS 5.5 | AI score 6.1 | EPSS 0.00165
Exploits: 0 | References: 3
RubySec (added 2026/04/02 12:00 a.m., 8 views)

Rack::Static header_rules bypass via URL-encoded paths

Summary: Rack::Static's applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 1 | Affected software: 1
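As an added example for the three Rack entries above (Ruby written for this page, not Rack's own code: Rack's real applicable_rules, its other rule types such as :fonts and extension lists, and its path decoding are not reproduced), the mismatch the advisory describes: header rules matched against the raw PATH_INFO while the file is served from the decoded path, beside the corrected matcher that decodes before matching. The rules and request paths are constructed.

```ruby
# Added illustration in the shape of Rack::Static's header_rules option.
# NOT Rack's code: the matcher and the percent-decoder are simplified stand-ins.

# Percent-decode a path the way the file-serving side sees it.
def decode_path(path_info)
  path_info.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

class HeaderRules
  # rules: array of [rule, headers] pairs; rule is :all, a String prefix,
  # or a Regexp (a subset of the forms Rack::Static accepts).
  # decode_before_match: false reproduces the bug, true the fix.
  def initialize(rules, decode_before_match:)
    @rules = rules
    @decode_before_match = decode_before_match
  end

  # Path the static file server actually opens: always the decoded one.
  def served_path(path_info)
    decode_path(path_info)
  end

  # Headers attached to the response for this request.
  def headers_for(path_info)
    path = @decode_before_match ? decode_path(path_info) : path_info
    @rules.each_with_object({}) do |(rule, headers), acc|
      acc.merge!(headers) if rule_matches?(rule, path)
    end
  end

  private

  def rule_matches?(rule, path)
    case rule
    when :all then true
    when String then path.start_with?(rule)
    when Regexp then rule.match?(path)
    else false
    end
  end
end

# Constructed rules: long caching for assets, clickjacking protection for HTML.
RULES = [
  ['/assets', { 'cache-control' => 'public, max-age=31536000' }],
  [/\.html\z/, { 'x-frame-options' => 'DENY' }],
].freeze

VULNERABLE = HeaderRules.new(RULES, decode_before_match: false)
FIXED      = HeaderRules.new(RULES, decode_before_match: true)

# "/%61ssets/app.js" is "/assets/app.js" with the 'a' percent-encoded and
# "/page%2Ehtml" is "/page.html" with the dot encoded. The file server
# decodes both and serves the same file; only the matcher differs.
if __FILE__ == $PROGRAM_NAME
  ['/assets/app.js', '/%61ssets/app.js', '/page.html', '/page%2Ehtml'].each do |p|
    puts "#{p.ljust(18)} file=#{VULNERABLE.served_path(p).ljust(16)} " \
         "raw-match=#{VULNERABLE.headers_for(p)} decoded-match=#{FIXED.headers_for(p)}"
  end
end
```

The fix is simply to match on the same representation the file server uses. A matcher that decodes must also keep rejecting decoded `..` segments, which the real Rack::Static handles separately from header rules and which this example does not cover.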
EUVD (added 2026/04/01 9:31 a.m., 6 views)

EUVD-2026-17818

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that differ only in the address ranges involved to be silently dropped as duplicates. Only the first such rule is actually loaded into pf. Ranges expressed using the...

CVSS 7.5 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 2
NVD (added 2026/04/01 9:16 a.m., 6 views)

CVE-2026-23402

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE. Adjust KVM's sanity check against overwriting a shadow-present SPTE with another SPTE with a different target PFN to only apply to direct MMUs, i.e. on...

CVSS 5.5 | EPSS 0.00165
Exploits: 0 | References: 3
NVD (added 2026/04/01 7:16 a.m., 8 views)

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that differ only in the address ranges involved to be silently dropped as duplicates. Only the first such rule is actually loaded into pf. Ranges expressed using the...

CVSS 7.5 | EPSS 0.0025
Exploits: 0 | References: 1
Cvelist (added 2026/04/01 6:18 a.m., 29 views)

CVE-2026-4748 pf silently ignores certain rules

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that differ only in the address ranges involved to be silently dropped as duplicates. Only the first such rule is actually loaded into pf. Ranges expressed using the...

EPSS 0.0025
Exploits: 0 | References: 1
CVE (added 2026/04/01 6:18 a.m., 16 views)

CVE-2026-4748

CVE-2026-4748 relates to FreeBSD pf: a regression in hash calculation causes rules using address range syntax (x.x.x.x - y.y.y.y) that differ only in the range to be dropped as duplicates, loading only the first such rule. Ranges in address[/mask-bits] syntax were not affected. Affected rules may...

CVSS 7.5 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected software: 1
Vulnrichment (added 2026/04/01 6:18 a.m., 7 views)

CVE-2026-4748 pf silently ignores certain rules

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that differ only in the address ranges involved to be silently dropped as duplicates. Only the first such rule is actually loaded into pf. Ranges expressed using the...

AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1
ATTACKERKB (added 2026/04/01 6:18 a.m., 4 views)

CVE-2026-4748

A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that differ only in the address ranges involved to be silently dropped as duplicates. Only the first such rule is actually loaded into pf. Ranges expressed using the...

AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 2
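As an added example for the CVE-2026-4748 entries above (Ruby written for this page, not FreeBSD or pf code), a pre-load lint for the pattern the advisory describes: rules using the `a.b.c.d - e.f.g.h` range syntax that differ from another rule only in those ranges, which an affected pf would collapse to the first rule. It also rewrites such a range as a list of address/mask-bits blocks, the form the CVE entry says is unaffected. The sample ruleset is constructed; the pf.conf grammar it assumes is the plain `from ... to ... port ...` form.

```ruby
# Added example, not FreeBSD/pf code: detect rules that differ only in an
# "x.x.x.x - y.y.y.y" range, and rewrite the range into CIDR blocks.
require 'ipaddr'
require 'socket'

RANGE = /\b(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})\b/

# Constructed sample ruleset (not from the advisory). Rules 1 and 2 differ
# only in their ranges; rule 4 differs in port as well, so it is not affected.
SAMPLE_RULES = [
  'pass in quick on em0 proto tcp from 192.0.2.10 - 192.0.2.20 to any port 22',
  'pass in quick on em0 proto tcp from 192.0.2.30 - 192.0.2.40 to any port 22',
  'block in quick on em0 from 198.51.100.0/24 to any',
  'pass in quick on em0 proto tcp from 192.0.2.10 - 192.0.2.20 to any port 443',
].freeze

# Rules that would collide: identical once every range is blanked out.
# Returns an array of groups; on an affected pf only the first rule of each
# group is loaded.
def colliding_rules(rules)
  groups = Hash.new { |h, k| h[k] = [] }
  rules.each do |rule|
    next unless rule.match?(RANGE)
    groups[rule.gsub(RANGE, '<range>')] << rule
  end
  groups.values.select { |group| group.size > 1 }
end

# Smallest set of CIDR blocks covering the inclusive IPv4 range first..last.
def range_to_cidrs(first, last)
  lo = IPAddr.new(first).to_i
  hi = IPAddr.new(last).to_i
  raise ArgumentError, "#{first} is above #{last}" if lo > hi
  cidrs = []
  while lo <= hi
    prefix = 32
    # Widen the block one bit at a time while it stays aligned and in range.
    while prefix > 0
      size = 1 << (32 - (prefix - 1))
      break unless (lo % size).zero? && lo + size - 1 <= hi
      prefix -= 1
    end
    cidrs << "#{IPAddr.new(lo, Socket::AF_INET)}/#{prefix}"
    lo += 1 << (32 - prefix)
  end
  cidrs
end

# Rewrite each range as a pf list of CIDR blocks; pf expands a list into
# one rule per element, each in the address/mask-bits form.
def rewrite_with_cidr(rule)
  rule.gsub(RANGE) { "{ #{range_to_cidrs($1, $2).join(', ')} }" }
end

if __FILE__ == $PROGRAM_NAME
  colliding_rules(SAMPLE_RULES).each do |group|
    puts "collision group (#{group.size} rules, only the first would load):"
    group.each { |r| puts "  #{r}\n  -> #{rewrite_with_cidr(r)}" }
  end
end
```

Run it over the ruleset before loading it on a version in the affected range; after loading, `pfctl -s rules` shows the rules that were actually installed, so a count lower than the number of rules in pf.conf is the symptom to look for.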