81 matches found
CVE-2026-21876 OWASP CRS has multipart bypass using multiple content-type parts
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...
EUVD-2012-4563
Malware in sbrugna...
EUVD-2015-6559
Malware in sbrugna...
EUVD-2023-44459
Malicious code in bioql PyPI...
EUVD-2025-25425
Malicious code in bioql PyPI...
EUVD-2023-44429
Malicious code in bioql PyPI...
EUVD-2023-44455
Malicious code in bioql PyPI...
Apache 2.4.x < 2.4.65
The version of Apache httpd installed on the remote host is prior to 2.4.65. It is, therefore, affected by a vulnerability as referenced in the 2.4.65 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to...
curl: Disclosure of email addresses
https://github.com/curl/curl/blob/master/.mailmap Impact Summary: Disclosure of email addresses...
CVE-2023-3796
A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Affected by this issue is some unknown functionality of the file /user/profile of the component Profile Picture Handler. The manipulation of the argument profilepicture leads to unrestricted uploa...
curl: Memory Leak
in getparameter via strdup in tool_getparam.c SIGSEGV Project: cURL File: src/tool_getparam.c Function: getparameter → indirectly via getstr Detected By: AddressSanitizer (ASan) Command Used: ASAN_OPTIONS="detect_leaks=1:verbosity=2:malloc_context_size=50" ./curl -K Overview A memory leak vulnerability h...
python3.12-ply bug fix and enhancement update
An update is available for python3.12-ply. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
gcc bug fix update
An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ad...
libdnf bug fix update
An update is available for libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A Library providing simplified C and Python API to libsolv. Bug Fixes: error:...
Linux Distros Unpatched Vulnerability : CVE-2022-2182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2182) Note that Nessus relies on the presence of the package as reported by the...
CVE-2022-49361 f2fs: fix to do sanity check for inline inode
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1, which can be reproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611! Call Trace:...
curl: curl doesn't hide credentials in /proc/XXX/cmdline provided via CLI arguments
Summary: cleanarg helper func doesn't work, when credentials are provided without a whitespace to a short options flag, e.g. -uUSER:PASS vs -u USER:PASS or -UUSER:PASS vs -U UUSER:PASS Affected version curl -V curl 8.12.1 x86_64-pc-linux-musl libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0...
curl: TLS Cipher Misconfiguration in HTTP/3/QUIC Support
Summary: This vulnerability occurs when the --ciphers option is used with the curl command to manually specify TLS cipher suites. HTTP/3 or QUIC fails to function in this scenario because QUIC does not rely on traditional TLS cipher suites defined for TLS 1.2 or earlier. Consequently, using the...
curl: ("possible") UAF
Title: Potential Use-After-Free Vulnerability in cf_h2_proxy_ctx_free Function of libcurl Vulnerability Overview: A potential Use-After-Free (UAF) vulnerability has been identified in the cf_h2_proxy_ctx_free function of the libcurl library. This issue occurs when the cf_h2_proxy_ctx object is freed and then...
CVE-2025-24728
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yannick Lefebvre Bug Library bug-library allows Blind SQL Injection. This issue affects Bug Library: from n/a through = 2.1.4...