4 matches found
CVE-2026-62230
Grav
CVE-2026-62230 Grav < 2.0.4 File Access Bypass via Case Variation
Grav before 2.0.4 ships a default .htaccess and reference webserver-configs/htaccess.txt whose rules blocking access to sensitive file types .yaml, .php, .json, etc. lack the NC flag, making extension matching case-sensitive. On case-insensitive filesystems Windows/NTFS, macOS/HFS+, or Docker...
CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...
Psudohash - Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns
psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. ...