201 matches found
EUVD-2026-2737
H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...
CVE-2026-23527
H3 is a minimal HTTP framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It explicitly looks for "chunked", but per the RFC, this heade...
H3 Environmental Issues and Vulnerabilities
H3 is an open-source HTTP framework developed by H3. Versions prior to H3 1.15.5 contained an environmental issue vulnerability. This vulnerability stemmed from the strict case-sensitive handling of the Transfer-Encoding header, which could lead to HTTP request payload attacks...
CVE-2021-27671
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
Malicious Package
Overview case-sensitive-paths is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Cursor < 1.7 RCE (GHSA-xcwh-rrwj-gxc7)
The version of Cursor installed on the remote host is prior to 1.7. It is, therefore, affected by a remote code execution vulnerability. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files e.g., /.cursor/mcp.json, which allows attackers to...
EUVD-2005-2772
Malware in sbrugna...
EUVD-2021-1936
Malware in sbrugna...
EUVD-2007-4673
Malware in sbrugna...
EUVD-2025-32373
Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files e.g., /.cursor/mcp.json, which allows attackers to modify the content of these files through prompt injection and achieve remote code...
EUVD-2023-39928
Malicious code in bioql PyPI...
EUVD-2023-0634
Malicious code in bioql PyPI...
EUVD-2024-3490
Malicious code in bioql PyPI...
Cursor 安全漏洞
Cursor is an AI code editor from Cursor Open Source. A security vulnerability exists in Cursor 1.6.23 and earlier versions, which stems from insufficient case-sensitive checking and could lead to remote code execution...
Malicious code in case-sensitive-paths (npm)
The package case-sensitive-paths was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-41953 Malicious code in case-sensitive-paths (npm)
The package case-sensitive-paths was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
OESA-2025-1938 python-Flask-Cors security update
A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching...
USN-7612-1 python-flask-cors vulnerabilities
It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. CVE-2024-6839 It was discovered that Flask-CORS allowed certain CORS headers to be enabled by...
Apache Tomcat 安全漏洞
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server . Used to implement the Servlet and JavaServer Page JSP support. A security bypass vulnerability exists in Apache Tomcat due to improper handling of a case-sensitive vulnerability in the GCI servle...
Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...