Lucene search
+L

570 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

7.5CVSS6AI score0.01956EPSS
Exploits0References9
CNVD
CNVD
added 2026/03/02 12:0 a.m.28 views

Apache Shiro Authentication Bypass Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 10:20 p.m.8 views

EUVD-2026-8792

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...

7CVSS5.2AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 4:3 p.m.10 views

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

7.5CVSS5.8AI score0.01956EPSS
Exploits0References6
NVD
NVD
added 2026/02/26 1:16 a.m.29 views

CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7.5CVSS0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/26 12:47 a.m.4 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS5.9AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 12:47 a.m.27 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

MCP Go SDK 安全漏洞

MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of the MCP Go SDK prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-insensitive JSON key matching during the parsing of JSON-RPC and MCP protocol messages,...

7.5CVSS7.3AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/10 6:55 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /api/file/getFile endpoint, which performs case-sensitive string equality checks to restrict access to sensitive files. An attacker can access protected configuration files by submitting mixed-case file paths...

8.7CVSS6.5AI score0.00505EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/10 5:47 p.m.28 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:47 p.m.3 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/10 5:47 p.m.9 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the/api/file/getFile endpoint. In file systems tha...

7.5CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/02/09 12:30 p.m.7 views

GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/09 12:30 p.m.8 views

Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/09 10:15 a.m.5 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/02/09 10:15 a.m.13 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 10:15 a.m.6 views

UBUNTU-CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/09 10:15 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:26 a.m.5 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.5AI score0.00363EPSS
Exploits0References2
Rows per page
Query Builder