570 matches found
openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...
Apache Shiro Authentication Bypass Vulnerability
Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...
EUVD-2026-8792
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...
OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer
This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...
CVE-2026-27896
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...
CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...
CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...
MCP Go SDK 安全漏洞
MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of the MCP Go SDK prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-insensitive JSON key matching during the parsing of JSON-RPC and MCP protocol messages,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the /api/file/getFile endpoint, which performs case-sensitive string equality checks to restrict access to sensitive files. An attacker can access protected configuration files by submitting mixed-case file paths...
CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...
CVE-2026-25992
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...
CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability
SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...
SiYuan 路径遍历漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the/api/file/getFile endpoint. In file systems tha...
GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass
Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...
Apache Shiro has an Authentication Bypass
Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
UBUNTU-CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...
CVE-2026-23903
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...