22 matches found
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2024-27198 Lab Description TeamCity provides an admin-...
Improper Access Control
Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP path request matcher when percent-encoded sequences are present, allowing attackers to alter request path casing and bypass path-based routing or attached access controls...
Improper Access Control
Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP host request matcher when large host lists are configured, allowing attackers to modify the casing of the Host header and bypass host-based routing or associated access...
CVE-2026-40910
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser...
LobeHub 安全漏洞
LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained security vulnerabilities. These vulnerabilities stemmed from the WebAPI authentication layer, which trusted client control headers that had only been XOR-encrypted. This allowed...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-27587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...
SUSE CVE-2026-27587
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
SUSE CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Summary Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass host-based routing and any access controls attached to that route by changing the...
CVE-2026-27587
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
UBUNTU-CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588 Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
CVE-2026-27587
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
CVE-2026-27587
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...
Caddy 安全漏洞
Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP path request matcher’s sensitivity to case differences when processing patterns that included...
Improper Access Control
liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to JSON Web Services being registered and invoked directly as classes, where these services bypass expected routing and are executed in a way that triggers Service Access Policies SAP unintentionally. This allows...
GreaterWMS 安全漏洞
GreaterWMS is an inventory management system from GreaterWMS open source. A security vulnerability exists in GreaterWMS version 2.1.49 and prior versions that stems from /staff routing not being handled correctly, allowing an unauthenticated attacker to bypass authentication and elevate privilege...