Lucene search
K

206 matches found

Debian CVE
Debian CVE
added 2026/06/12 8:6 p.m.10 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/06/12 8:6 p.m.5 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/06 8:39 a.m.11 views

BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.11 views

CVE-2026-41067

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...

6.1CVSS5.4AI score0.00189EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 7:16 p.m.13 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:20 p.m.6 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS5.5AI score0.01036EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-48595

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS0.00396EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:8 p.m.11 views

CVE-2026-48595 Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References4
CVE
CVE
added 2026/06/02 7:8 p.m.30 views

CVE-2026-48595

The CVE-2026-48595 entry describes an Authorization header leakage in Tesla’s Elixir Tesla middleware (FollowRedirects) due to a case-sensitive comparison against a lowercase filter list for headers like Authorization/host. HTTP header names are case-insensitive, but Tesla preserves header keys a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/05/26 7:4 a.m.10 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/26 6:40 a.m.12 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.7AI score0.00566EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/05/20 2:59 p.m.83 views

dependabot-pip-mako-case-poc

Dependabot pip-updater: case-sensitive advisory name match Po...

8.7CVSS5.8AI score0.00609EPSS
Exploits1
OSV
OSV
added 2026/05/19 12:50 a.m.8 views

CLSA-2026-1779107085 gnutls: Fix of CVE-2026-3833

CVE-2026-3833: fix nameConstraints dNSName/rfc822Name case-sensitive memcmp bypass...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 6:17 a.m.11 views

MGASA-2026-0139 Updated tomcat packages fix security vulnerability

Unbounded read in WebDAV LOCK and PROPFIND handling. CVE-2026-41284 HTTP/2 request headers not validated. CVE-2026-41293 WebSocket authentication header exposure. CVE-2026-42498 Digest authenticator will authenticate any unknown user. CVE-2026-43512 LockOutRealm treats user names as case-sensitiv...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References10
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.12 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.31.0 contained code vulnerabilities. These vulnerabilities stemmed from the default rejection list using regular expressions...

9.4CVSS5.9AI score0.00352EPSS
Exploits1References2
OSV
OSV
added 2026/05/12 6:30 p.m.5 views

GHSA-5MP6-JRQ3-R938 Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.26 views

Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References10Affected Software3
Cvelist
Cvelist
added 2026/05/08 3:42 a.m.57 views

CVE-2026-42273 Heimdall: Case-sensitive host matching may lead to policy bypass

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host...

7.8CVSS0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:42 a.m.10 views

CVE-2026-42273

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host...

7.8CVSS5.7AI score0.00301EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 3:42 a.m.10 views

CVE-2026-42273 Heimdall: Case-sensitive host matching may lead to policy bypass

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host...

7.8CVSS5.7AI score0.00301EPSS
Exploits0References4
Rows per page
Query Builder