Lucene search
+L

570 matches found

Cvelist
Cvelist
added 2026/04/24 4:57 p.m.30 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 4:57 p.m.3 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1
OSV
OSV
added 2026/04/24 4:57 p.m.3 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS6AI score0.00189EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.16 views

PT-2026-34608

Name of the Vulnerable Software and Affected Versions Marko affected versions not specified Description When dynamic text is interpolated into or tags, the runtime fails to prevent tag breakout if the closing tag uses non-lowercase casing. This occurs because the system uses case-sensitive regula...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/04/21 8:39 p.m.14 views

Astro: XSS in define:vars via incomplete </script> tag sanitization

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00189EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.13 views

PT-2026-34233

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00189EPSS
Exploits1References5
Slackware Linux
Slackware Linux
added 2026/04/17 9:29 p.m.11 views

[slackware-security] cups

New cups packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.17-i586-1slack15.0.txz: Upgraded. This update fixes security issues: The scheduler treated local user and group names as...

7.8CVSS5.8AI score0.00502EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2026/04/17 5:4 p.m.3 views

cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison

A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks...

6.3CVSS6AI score0.00317EPSS
Exploits1References6
OSV
OSV
added 2026/04/17 1:0 p.m.10 views

OESA-2026-1933 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

7.8CVSS6.4AI score0.00502EPSS
Exploits7References8
OSV
OSV
added 2026/04/14 11:13 p.m.7 views

GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/07 11:27 p.m.6 views

SUSE CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

4.8CVSS5.8AI score0.00317EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2026/04/07 6:16 p.m.12 views

Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags

Summary The fix for ExifTool arbitrary file write commit 043b158, released in v8.29.0 uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink...

6.1AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/07 6:16 p.m.2 views

GHSA-QMWH-9M9C-H36M Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags

Summary The fix for ExifTool arbitrary file write commit 043b158, released in v8.29.0 uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink...

8.8CVSS5.9AI score
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/04/05 8:1 a.m.3 views

OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup

...

6.3CVSS5.7AI score0.00317EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an...

6.3CVSS5.5AI score0.00317EPSS
Exploits1References4
NVD
NVD
added 2026/04/03 10:16 p.m.5 views

CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS0.00317EPSS
Exploits1References2
OSV
OSV
added 2026/04/03 10:16 p.m.1 views

DEBIAN-CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.3AI score0.00317EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 10:16 p.m.4 views

ALPINE-CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.3AI score0.00317EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/03 10:16 p.m.3 views

CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.9AI score0.00317EPSS
Exploits1References3
OSV
OSV
added 2026/04/03 10:16 p.m.5 views

UBUNTU-CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.8AI score0.00317EPSS
Exploits1References4
Rows per page
Query Builder