
CVE-2026-33691: OWASP CRS whitespace padding bypass vulnerability

2•relunsec•1h ago
A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE‑2026‑33691.

Impact: Attackers may evade CRS protections and upload web shells disguised with whitespace‑padded extensions. Exploitation is most practical on Windows backends that normalize whitespace in filenames before execution. On Linux it is harder, because it requires a backend that uses something like `.strip()`, `.trim()` or another whitespace-trimming method (depending on the language), or a web server or the backend in general that strips whitespace; if not, they are not vulnerable to this.

Fix: Patched in CRS v3.3.9, v4.25.x LTS, and v4.8.x. Security fixes are always backported to supported branches.

References:

Full advisory: https://github.com/coreruleset/coreruleset/security/advisori...

Credits: Reported by RelunSec (aka @HackingRepo on Github).
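As an added illustration, not part of the post above and not the CRS rule text itself, the following Python models the bypass class the post describes: an extension denylist anchored at end-of-string, an upload handler that trims the filename before saving it, and a check that normalizes the name the same way before matching. The regex, the function names and the sample filenames are assumptions. It also covers trailing dots, which Win32 strips alongside trailing spaces, going slightly beyond the whitespace case the post reports.

```python
import re

# Constructed stand-in for a WAF extension denylist run against the uploaded
# filename. The real CRS rule text is not on the page; this regex is an
# assumption chosen only to show the end-of-string anchoring problem.
DANGEROUS_EXT = re.compile(r"\.(php|phar|jsp|jspx)$", re.IGNORECASE)


def naive_blocks(filename: str) -> bool:
    """Check the filename exactly as submitted. Because the pattern is anchored
    at end-of-string, 'shell.php ' (trailing space) does not match and passes."""
    return DANGEROUS_EXT.search(filename) is not None


def backend_saved_name(filename: str) -> str:
    """Hypothetical upload handler that trims the name before writing it, the
    way the post describes (str.strip() here; .trim() in other languages). On
    Windows the filesystem itself drops trailing spaces and dots, so no trim is
    needed there, which is why the post calls Windows backends the most
    practical target."""
    return filename.strip()


def normalize_filename(filename: str) -> str:
    """Canonicalise the name the way a trimming backend or Win32 would before
    it is checked: strip leading/trailing Unicode whitespace and trailing dots
    (repeating until stable), then drop whitespace around the final dot."""
    name = filename
    while True:
        stripped = name.strip().rstrip(".")
        if stripped == name:
            break
        name = stripped
    # 'shell .php' and 'shell. php' both become 'shell.php'; 'a.b.c' is untouched
    return re.sub(r"\s*\.\s*(?=[^.\s]*$)", ".", name)


def hardened_blocks(filename: str) -> bool:
    """Apply the same denylist, but to the normalized name, so padding that a
    downstream component would remove cannot hide the extension."""
    return DANGEROUS_EXT.search(normalize_filename(filename)) is not None


def evaluate(filename: str) -> tuple[bool, str, bool]:
    """Return (blocked by naive check, name the trimming backend would save,
    blocked by hardened check) for one submitted filename."""
    return naive_blocks(filename), backend_saved_name(filename), hardened_blocks(filename)


if __name__ == "__main__":
    # Constructed sample filenames; \u00a0 is a no-break space, which both
    # str.strip() and the regex's \s treat as whitespace.
    samples = ["shell.php", "shell.php ", "shell.jspx\t\t",
               "shell.phar\u00a0", "shell.php.", "report.pdf "]
    for name in samples:
        naive, saved, hardened = evaluate(name)
        print(f"{name!r:22} naive_blocked={naive!s:5} "
              f"saved={saved!r:14} hardened_blocked={hardened}")
```

The middle column is the point: every padded name the naive check lets through is saved by the trimming backend under exactly the extension the denylist was meant to catch. Normalizing before matching closes that gap; matching the raw string only works if nothing downstream rewrites the name, which is the condition the post says decides whether a Linux backend is affected.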

Amazon's Rural Delivery Push Slams into Walmart

https://www.bloomberg.com/graphics/2026-amazon-walmart-rural-expansion/
1•smurda•12s ago•0 comments

We used to measure distance in the past

https://en.wikipedia.org/wiki/Bematist
1•olirex99•21s ago•0 comments

TrimSheetFast – Fast Game-Ready Trim Sheets in Seconds

https://trimsheetfast.com
1•mikecaps•42s ago•0 comments

Airflow 2.11.2

https://airflow.apache.org/docs/apache-airflow/stable/release_notes.html
1•marklit•50s ago•0 comments

Vandalize Friend

https://www.vandalizefriend.com
1•structuredPizza•2m ago•0 comments

The Stranglehold

https://sphera.substack.com/p/the-stranglehold
1•KyleVlaros•2m ago•0 comments

Show HN: Rhizome – semantic backlinks for your notes, generated locally

https://github.com/matzalazar/rhizome
1•matzalazar•2m ago•0 comments

Russia took satellite images of US air base before Iranian attack, Ukraine says

https://www.nbcnews.com/world/ukraine/russia-us-base-american-troops-zelenskyy-rcna265612
1•MilnerRoute•3m ago•0 comments

Bob Dylan opened a new Patreon page to share AI content

https://www.patreon.com/cw/BobDylan180
2•101008•3m ago•1 comments

Reverse engineering a mystery BLE mesh network using ESP32/Telink

https://github.com/AndriiKempa/BLEIOT/discussions/33
1•KempaAndrii•4m ago•0 comments

The End of Economics?

https://scottsumner.substack.com/p/the-end-of-economics
1•paulpauper•4m ago•0 comments

Pluribus – MCP and REST memory layer for AI agents (durable, shared, enforced)

https://github.com/johnnyjoy/pluribus
1•johnnyjoy•7m ago•0 comments

Corridor Crew Covers Gaussian Splats [video]

https://www.youtube.com/watch?v=_Qe_0aj4eEM
1•chintler•10m ago•1 comments

AI Won't Fix Your Org Chart

https://pragmatist.nl/ai-wont-fix-your-org-chart/
1•gpi•10m ago•0 comments

Zyxel Access Points now support OpenWrt-Based customized firmware

https://support.zyxel.eu/hc/en-us/articles/34301184444690-Zyxel-OpenWrt-Zyxel-Access-Points-Suppo...
2•cromka•11m ago•1 comments

We Added a Console Notice to i18next – and Why We Removed It

https://www.locize.com/blog/i18next-support-notice/
1•screeny05•11m ago•0 comments

The Digital Leviathan

https://brownstone.org/articles/the-digital-leviathan/
2•sediment•12m ago•0 comments

Faster 6502-on-6502 virtualization for a C64/Apple II Apple-1 emulator

http://oldvcr.blogspot.com/2026/03/6o6-v11-faster-6502-on-6502.html
1•adunk•15m ago•0 comments

Tradeoff Sliders: Interactive exploration of constrained spaces

http://andersource.dev/2026/03/29/tradeoff-sliders.html
1•andersource•18m ago•0 comments

Another

https://www.timerforemails.com/
1•afoone•19m ago•0 comments

Gestalt – AI PC builder that compares Amazon vs. eBay prices in real time

https://github.com/Xydra01/Gestalt
2•Xydra01•20m ago•0 comments

Typing and Keyboards

https://lzon.ca/posts/series/grateful/typing-and-keyboards/
3•jpmitchell•23m ago•1 comments

They bought an SF laundromat for passive income. Then problems

https://www.sfgate.com/local/article/the-laundry-hub-sf-22063097.php
4•paulpauper•24m ago•1 comments

Show HN: I made a "programming language" looking for feedback

https://github.com/alonsovm44/glupe
2•alonsovm•24m ago•1 comments

How to Find Your Personal Optimal Diet

https://www.exfatloss.com/p/how-to-find-your-personal-optimal
1•paulpauper•25m ago•0 comments

Show HN: Unlisted – Daily job alerts from 30 low-competition sources

https://unlisted.shelter.money
1•dreamsandcode•25m ago•0 comments

Toyota CEO Warns Top Suppliers: 'Unless Things Change, We Will Not Survive'

https://www.autonews.com/toyota/an-toyota-suppliers-koji-sato-kenta-kon-warning-boost-productivit...
6•ilamont•25m ago•1 comments

Bypassing the DOM to Mathematically Deep-Fry MP4s and Images (Rust/WASM)

https://theglitch.ing/
1•helba-ai•27m ago•0 comments

Why Socializing Loses to Alcohol in Addiction

https://neurosciencenews.com/alcohol-bias-anterior-insula-30223/
2•gnabgib•27m ago•0 comments

Show HN: DeepRepo – AI architecture diagrams from GitHub repos

https://deeprepo.dev
2•uwais12•27m ago•0 comments