gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

EUVD-2026-36427

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher...

CVE-2026-53721

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4...

CVE-2026-53721 Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4...

CVE-2026-53721 Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher. This issue has been patched in versions 3.21.7 and 4.4...

CVE-2026-53721

CVE-2026-53721 affects Nuxt (Vue.js framework) earlier branches: 3.11.0–3.21.6 and 4.0.0–4.4.6 are vulnerable to a route-rule middleware bypass caused by a case-sensitivity mismatch between vue-router and the routeRules matcher. The issue has been patched in Nuxt versions 3.21.7 and 4.4.7. The CV...

PT-2026-48880

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.6 Nuxt versions 4.0.0 through 4.4.6 Description A route-rule middleware bypass exists due to a case-sensitivity mismatch between vue-router and the routeRules matcher. Recommendations Update to version 3.21.7...

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

Important: tomcat10

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

Important: tomcat9

Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are...

Exploit for CVE-2026-48595

CVE-2026-48595 - elixir-tesla tesla Vulnerability Quick Us...

CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

CVE-2026-44367

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...

CVE-2026-42273

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host...

CVE-2026-46392 HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the saveFile endpoint’s validation mechanism, which does not distinguish between uppercase and lowercase file extensions...

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

CVE-2026-8404

A flaw was found in Django. The django.middleware.cache.UpdateCacheMiddleware component does not correctly process Cache-Control response directives when they use uppercase or mixed-case values. This vulnerability allows a remote attacker to read responses that should not have been cached, leadin...