19 matches found
SUSE CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list (more than 100 entries) it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
A flaw was found in Caddy's HTTP host request matcher. When Caddy is configured with a large list of host entries, its host matching becomes unexpectedly case-sensitive instead of case-insensitive as documented. A remote attacker can exploit this by altering the casing of the Host header in HTTP...
DEBIAN-CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list (more than 100 entries) it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list (more than 100 entries) it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
creationtimestamp | type | source
---|---|---
2026-02-23 04:23:55+00:00 | published-proof-of-concept | https://github.com/caddyserver/caddy/security/advisories/GHSA-x76f-jf84-rqj8
2026-02-25 02:40:26+00:00 | seen | https://gist.github.com/alon710/0a4d2120827a83418bc6e8325fbd6767
2026-02-25... | |
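The CVE-2026-27588 entries above describe the mechanism only in one sentence: a short host list is compared case-insensitively, but once the list is large an optimized lookup path is used that compares the Host header verbatim. The following Go program is an added illustration written for this page; it is not Caddy's source code. It models both paths side by side, with the 100-entry threshold taken from the advisory text, and shows the consequence a practitioner cares about: with more than 100 configured hosts, a request whose Host header differs only in case misses the matcher and falls through to whatever block comes next. The type and function names, the "protected" versus "catch-all" routing model, and the generated host names are assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Added illustrative example, not Caddy's source. largeListThreshold is the
// 100-entry figure quoted in the CVE-2026-27588 advisory; everything else
// in this file (names, routing model) is an assumption for the demo.
const largeListThreshold = 100

// HostMatcher holds a configured host list. For large lists a lookup map is
// built up front; whether that map is case-folded is the entire difference
// between the vulnerable and the fixed behaviour.
type HostMatcher struct {
	hosts []string
	index map[string]bool // nil unless len(hosts) > largeListThreshold
	fixed bool            // true: normalise case on the map path as well
}

// NewHostMatcher builds the matcher. fixed=false reproduces the flaw: map
// keys are stored exactly as configured, so only an exact-case Host hits.
func NewHostMatcher(hosts []string, fixed bool) *HostMatcher {
	m := &HostMatcher{hosts: hosts, fixed: fixed}
	if len(hosts) > largeListThreshold {
		m.index = make(map[string]bool, len(hosts))
		for _, h := range hosts {
			if fixed {
				h = strings.ToLower(h)
			}
			m.index[h] = true
		}
	}
	return m
}

// Match reports whether reqHost (the request's Host header) is in the list.
func (m *HostMatcher) Match(reqHost string) bool {
	if m.index != nil { // "optimized" large-list path
		if m.fixed {
			reqHost = strings.ToLower(reqHost)
		}
		return m.index[reqHost] // vulnerable variant: verbatim key lookup
	}
	for _, h := range m.hosts { // small-list path: documented behaviour
		if strings.EqualFold(h, reqHost) {
			return true
		}
	}
	return false
}

// Route models a server with one site block guarded by the host matcher and
// a catch-all block behind it. A request that fails to match reaches the
// catch-all, which is the bypass: the guarded block's handlers never run.
func Route(m *HostMatcher, reqHost string) string {
	if m.Match(reqHost) {
		return "protected"
	}
	return "catch-all"
}

// ExampleHosts returns n constructed lowercase host names; the first one is
// the sensitive name the matcher is meant to guard.
func ExampleHosts(n int) []string {
	hosts := make([]string, 0, n)
	hosts = append(hosts, "admin.example.com")
	for i := 1; i < n; i++ {
		hosts = append(hosts, fmt.Sprintf("site%03d.example.com", i))
	}
	return hosts
}

func main() {
	hosts := ExampleHosts(150) // more than 100 entries: the map path is used
	for _, fixed := range []bool{false, true} {
		m := NewHostMatcher(hosts, fixed)
		for _, h := range []string{"admin.example.com", "ADMIN.example.com"} {
			fmt.Printf("fixed=%-5v Host=%-18s -> %s\n", fixed, h, Route(m, h))
		}
	}
}
```

With 150 hosts the vulnerable matcher routes `ADMIN.example.com` to the catch-all while the fixed one keeps it on the protected block; trim the list to ten entries and both behave identically, which is why the bug is easy to miss in a small test configuration. The check to run against a real deployment is the same: send the exact configured name and then a mixed-case variant, and confirm both land on the same handler.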
CVE-2021-27588
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2023-27588
creationtimestamp | type | source
---|---|---
2023-03-14 21:23:18+00:00 | seen | https://t.me/cibsecurity/60024...
CVE-2023-27588 Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects...
CVE-2023-27588
CVE-2023-27588 describes an unauthenticated path traversal vulnerability in Hasura GraphQL Engine. Affected are self-hosted Hasura deployments that are publicly exposed and not protected by a WAF or HTTP protections; Hasura Cloud deployments are not vulnerable. The issue is triggered by improper ...
Command injection vulnerability in QNAP VioStar series NVR
Overview VioStar series NVR provided by QNAP Systems, Inc. contains a command injection vulnerability (CVE-2022-27588, CWE-77). Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary command may be executed by a remote...
QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
QNAP, the Taiwanese maker of network-attached storage (NAS) devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR,"...
CVE-2022-27588 Vulnerability in QVR
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later...
CVE-2022-27588
CVE-2022-27588 is a command injection vulnerability in QNAP QVR (VS Series NVR). QVR versions prior to 5.1.6 build 20220401 are affected; the issue allows remote arbitrary command execution without authentication. The vulnerability has been fixed in QVR 5.1.6 build 20220401 and later. ...
CVE-2021-27588
creationtimestamp | type | source
---|---|---
2021-03-09 18:51:42+00:00 | seen | https://t.me/cibsecurity/24601...
CVE-2021-27588
When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2021-27588
CVE-2021-27588 affects SAP 3D Visual Enterprise Viewer 9, where HPGL file parsing lacks proper length validation, causing a stack-based buffer overflow that can lead to remote code execution. The ZDI advisory specifies that exploitation requires the user to open a malicious HPGL file or visit a m...
lectoro.com XSS vulnerability
Vulnerable URL: http://www.lectoro.com/index.php?ytq=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E=search
Details:

Description | Value
---|---
Patched: | Yes, at 25.11.2017
Latest check for patch: | 25.11.2017 09:30 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly...
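The payload in the URL above, decoded, is `</script><img src=x onerror=prompt(/XSSPOSED/)>`. Its leading `</script>` tells you where the `ytq` parameter was being reflected: inside an inline script block, where closing the block early lets the rest of the string be parsed as HTML. The Go program below is an added example for this page, not code from lectoro.com; it reproduces that reflection pattern in a minimal page and shows the contextual escaping that closes it. The page markup, the reuse of the `ytq` name and the helper names are assumptions.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Added illustrative example, not lectoro.com's code. Payload is the decoded
// ytq value from the listed vulnerable URL; the page markup is assumed.
const Payload = `</script><img src=x onerror=prompt(/XSSPOSED/)>`

// VulnerableSearchPage splices the raw parameter into a JS string literal.
// The browser's HTML tokenizer does not know about JS string syntax: the
// attacker's </script> ends the block, and the <img> that follows is parsed
// as markup, so onerror fires.
func VulnerableSearchPage(ytq string) string {
	var b strings.Builder
	b.WriteString(`<html><body><script>var query = "`)
	b.WriteString(ytq) // no escaping: the flaw
	b.WriteString(`";</script><h1>Results</h1></body></html>`)
	return b.String()
}

// safeTmpl renders the same page through html/template, which escapes each
// value for the context it lands in (here a JS value inside <script>), so
// '<' and '>' come out as \u003c and \u003e and cannot end the block.
var safeTmpl = template.Must(template.New("search").Parse(
	`<html><body><script>var query = {{.}};</script><h1>Results</h1></body></html>`))

// SafeSearchPage returns the contextually escaped page.
func SafeSearchPage(ytq string) (string, error) {
	var b strings.Builder
	if err := safeTmpl.Execute(&b, ytq); err != nil {
		return "", err
	}
	return b.String(), nil
}

// ContainsInjectedTag reports whether the rendered page would let the
// browser see the attacker's closing </script> followed by a new tag.
func ContainsInjectedTag(page string) bool {
	return strings.Contains(page, "</script><img")
}

func main() {
	fmt.Println("vulnerable page injects a tag:", ContainsInjectedTag(VulnerableSearchPage(Payload)))
	safe, err := SafeSearchPage(Payload)
	if err != nil {
		panic(err)
	}
	fmt.Println("escaped page injects a tag:   ", ContainsInjectedTag(safe))
	fmt.Println(safe)
}
```

The point of using html/template rather than a hand-rolled replace is that the escaping rule is chosen per context: the same `{{.}}` placed in an attribute, in text, or in a script block gets a different, appropriate encoding, whereas a single HTML-entity pass would not have protected a value already inside a script string.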
apache-mod-rewrite.rb.txt
require 'msf/core' module Msf class Exploits::Windows::Http::Apachemodrewrite 'Apache mod_rewrite escape_absolute_uri Off-By-One Buffer Overflow', 'Description' => %q{ This module exploits an off-by-one buffer overflow. RewriteRule must be enabled and the rule must meet these criteria: beginning of the...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...