Lucene search
K

553 matches found

EUVD
EUVD
added 2026/03/10 6:38 p.m.5 views

EUVD-2026-10790

simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE...

9.8CVSS5.8AI score0.01296EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 6:38 p.m.7 views

GHSA-R275-FR43-PM7Q simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE

Summary The blockUnsafeOperationsPlugin in simple-git fails to block git protocol override arguments when the config key is passed in uppercase or mixed case. An attacker who controls arguments passed to git operations can enable the ext:: protocol by passing -c PROTOCOL.ALLOW=always, which...

9.8CVSS7.4AI score0.01296EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/10 6:38 p.m.6 views

Improper Handling of Case Sensitivity

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the preventProtocolOverride function, which fails to properly validate case-insensitive configuration...

9.8CVSS7.7AI score0.02784EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

openSUSE 16 Security Update : containerized-data-importer (openSUSE-SU-2026:20279-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20279-1 advisory. Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338:...

7.5CVSS6AI score0.01956EPSS
Exploits0References9
CNVD
CNVD
added 2026/03/02 12:0 a.m.24 views

Apache Shiro Authentication Bypass Vulnerability

Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . An authentication bypass vulnerability exists in Apache Shiro versions prior to 2.0.7. The vulnerability stems from an...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 10:20 p.m.7 views

EUVD-2026-8792

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...

7CVSS5.2AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 4:3 p.m.10 views

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

7.5CVSS5.8AI score0.01956EPSS
Exploits0References6
NVD
NVD
added 2026/02/26 1:16 a.m.26 views

CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7.5CVSS0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/26 12:47 a.m.4 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS5.9AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 12:47 a.m.22 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

MCP Go SDK 安全漏洞

MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of the MCP Go SDK prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-insensitive JSON key matching during the parsing of JSON-RPC and MCP protocol messages,...

7.5CVSS7.3AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/10 6:55 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /api/file/getFile endpoint, which performs case-sensitive string equality checks to restrict access to sensitive files. An attacker can access protected configuration files by submitting mixed-case file paths...

8.7CVSS6.5AI score0.00505EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/10 5:47 p.m.27 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:47 p.m.3 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/10 5:47 p.m.8 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the/api/file/getFile endpoint. In file systems tha...

7.5CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/02/09 12:30 p.m.5 views

GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/09 12:30 p.m.6 views

Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/09 10:15 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.7AI score
Exploits0References2
NVD
NVD
added 2026/02/09 10:15 a.m.11 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS0.00363EPSS
Exploits0References2
Rows per page
Query Builder