Lucene search
K

23 matches found

EUVD
EUVD
added 2026/06/18 2:28 p.m.13 views

EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

5.9CVSS7AI score0.00374EPSS
Exploits0References3
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.8 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS5.8AI score0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.36 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

3.1CVSS0.00354EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 1:16 p.m.1 views

CVE-2026-48587 Potential exposure of private data via whitespace padding in Vary header

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

2.3CVSS5.9AI score0.00354EPSS
Exploits0References7
OSV
OSV
added 2026/06/03 1:0 p.m.9 views

UBUNTU-CVE-2026-48587

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.3AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-45944

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description The django.utils.cache.has vary header function does not strip leading or trailing whitespace from Vary response header values before comparison. This allows remote...

5.3CVSS5.6AI score0.00354EPSS
Exploits0References40
Amazon
Amazon
added 2026/04/13 12:0 a.m.7 views

Medium: mod_security_crs

Issue Overview: Whitespace padding in filenames bypasses file upload extension checks NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691 Affected Packages: modsecuritycrs Issue Correction: Run dnf update modsecuritycrs --releasever...

7.5CVSS5.8AI score0.02172EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.7 views

Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1562 advisory. Whitespace padding in filenames bypasses file upload extension checks NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w CVE-2026-33691 Tenable has extracted the...

7.5CVSS5.8AI score0.02172EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.16 views

OWASP CRS Arbitrary File Upload

A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This has been addressed in versions 3.3.9, 4.25.x LTS, and 4.8.x...

6.8CVSS5.8AI score0.02172EPSS
Exploits0
NVD
NVD
added 2026/04/02 4:16 p.m.6 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS0.02172EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/04/02 4:16 p.m.4 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.9AI score0.02172EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 4:16 p.m.37 views

UBUNTU-CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.7AI score0.02172EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 3:3 p.m.33 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS0.02172EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/02 3:3 p.m.3 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.7AI score0.02172EPSS
Exploits0References7
CVE
CVE
added 2026/04/02 3:3 p.m.45 views

CVE-2026-33691

The CVE-2026-33691 issue affects OWASP CRS prior to versions 3.3.9 and 4.25.0, where whitespace padding in filenames bypasses the file-extension checks for dangerous extensions (.php, .phar, .jsp, .jspx) because the extension regex is not applied after normalizing whitespace. The vulnerability is...

7.5CVSS5.7AI score0.02172EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2026/04/02 3:3 p.m.7 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

7.5CVSS5.2AI score0.02172EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/02 3:3 p.m.13 views

CVE-2026-33691

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.7AI score0.02172EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/02 3:3 p.m.4 views

CVE-2026-33691 OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions .php, .phar, .jsp, .jspx by inserting whitespace...

6.8CVSS5.9AI score0.02172EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/02/19 10:24 p.m.22 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

7.1CVSS0.00426EPSS
Exploits0References3
Rows per page
Query Builder