570 matches found
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
PT-2026-34608
Name of the Vulnerable Software and Affected Versions Marko affected versions not specified Description When dynamic text is interpolated into or tags, the runtime fails to prevent tag breakout if the closing tag uses non-lowercase casing. This occurs because the system uses case-sensitive regula...
Astro: XSS in define:vars via incomplete </script> tag sanitization
Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...
PT-2026-34233
Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...
[slackware-security] cups
New cups packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/cups-2.4.17-i586-1slack15.0.txz: Upgraded. This update fixes security issues: The scheduler treated local user and group names as...
cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison
A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks...
OESA-2026-1933 cups security update
CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...
GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure
Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...
SUSE CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
Summary The fix for ExifTool arbitrary file write commit 043b158, released in v8.29.0 uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink...
GHSA-QMWH-9M9C-H36M Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
Summary The fix for ExifTool arbitrary file write commit 043b158, released in v8.29.0 uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink...
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
...
Linux Distros Unpatched Vulnerability : CVE-2026-27447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an...
CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
DEBIAN-CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
ALPINE-CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
UBUNTU-CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...