Lucene search
K

548 matches found

OSV
OSV
added 2026/05/15 10:3 a.m.11 views

CLSA-2026-1778839424 gnutls: Fix of CVE-2026-3833

CVE-2026-3833: fix excludedSubtrees/permittedSubtrees bypass by performing case-insensitive comparison of dNSName and rfc822Name domain labels in X.509 nameConstraints processing...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 8:59 a.m.11 views

CLSA-2026-1778835563 gnutls: Fix of CVE-2026-3833

CVE-2026-3833: fix excludedSubtrees/permittedSubtrees bypass by performing case-insensitive comparison of dNSName and rfc822Name domain labels in X.509 nameConstraints processing...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 8:5 a.m.5 views

CLSA-2026-1778832314 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints - debian/patches/CVE-2026-3833.patch: replace memcmp with cstrncasecmp in endswith, emailendswith, dnsnamematches and emailmatches in lib/x509/nameconstraints.c so DNS labels and email domains are compared...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2026/05/13 8:56 a.m.10 views

CLSA-2026-1778662564 cups: Fix of CVE-2026-27447

CVE-2026-27447: fix authorization bypass via case-insensitive username comparison in scheduler...

6.3CVSS5.8AI score0.00317EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: git (UTSA-2026-017630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017630 advisory. Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files...

8CVSS7AI score0.88644EPSS
Exploits5References4
Vulnrichment
Vulnrichment
added 2026/05/08 3:22 p.m.10 views

CVE-2026-41591 Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:22 p.m.38 views

CVE-2026-41591 Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker...

6.4CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:36 a.m.6 views

CLSA-2026-1778142413 cups: Fix of CVE-2026-27447

CVE-2026-27447: fix authorization bypass via case-insensitive username comparison in scheduler...

6.3CVSS5.8AI score0.00317EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/08 3:40 a.m.11 views

EUVD-2026-28508

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent %2f is not recognized...

7.8CVSS5.7AI score0.00396EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 8:18 a.m.8 views

CLSA-2026-1778141904 cups: Fix of CVE-2026-27447

CVE-2026-27447: fix authorization bypass via case-insensitive username comparison in scheduler...

6.3CVSS5.8AI score0.00317EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/05 7:52 p.m.29 views

CVE-2026-40280 Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists

Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-sensitive regular expression ^https?:// to match URL schemes. Because Go's net/url.Parse normalizes...

7.8CVSS0.00463EPSS
Exploits1References3
Veracode
Veracode
added 2026/05/03 4:46 p.m.12 views

Improper Access Control

Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP path request matcher when percent-encoded sequences are present, allowing attackers to alter request path casing and bypass path-based routing or attached access controls...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4Affected Software2
Snyk
Snyk
added 2026/05/01 5:33 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the RWStlReader::ReadAscii process when buffers returned by StandardReadLineBuffer::ReadLine are not properly length-validated before being used in strncasecmp or accessed directly. An attacker can cause denial of...

7.1CVSS5.8AI score0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/30 5:19 p.m.16 views

Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

7.8CVSS5.3AI score0.00463EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/04/30 5:19 p.m.5 views

GHSA-5Q7P-7JGV-WW56 Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection

Vulnerability Details CWE: CWE-918 - Server-Side Request Forgery SSRF The default private-IP deny-lists for --webhook-deny-list and --api-download-from-deny-list use a case-sensitive regex ^https?://. Any uppercase URL scheme variant HTTP://, HTTPS://, Http:// bypasses the pattern. Go's...

9.3CVSS5.8AI score0.00463EPSS
Exploits1References6
Veracode
Veracode
added 2026/04/30 3:15 a.m.13 views

Improper Access Control

Caddy is vulnerable to Improper Access Control. The vulnerability is due to incorrect case-insensitive matching in the HTTP host request matcher when large host lists are configured, allowing attackers to modify the casing of the Host header and bypass host-based routing or associated access...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4Affected Software2
EUVD
EUVD
added 2026/04/27 8:23 a.m.8 views

EUVD-2026-25791

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

9.9CVSS6.5AI score0.0086EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.19 views

PT-2026-35370

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.5 Apache Camel versions 4.15.0 through 4.18.1 Apache Camel versions 4.19.0 through 4.19.x Description Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and...

9.9CVSS6.5AI score0.0086EPSS
Exploits0References21
OSV
OSV
added 2026/04/25 11:30 p.m.5 views

GHSA-72H4-MXFC-JX37 Heimdall: Case-sensitive host matching may lead to policy bypass

Summary Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host that differs only in letter casing, potentially causing the request to be classified differently than...

7.8CVSS5.8AI score0.00301EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.11 views

PT-2026-37187

Name of the Vulnerable Software and Affected Versions Heimdall versions prior to 0.17.14 Description Heimdall performs host matching in a case-sensitive manner, which conflicts with the case-insensitive nature of HTTP hostnames. This discrepancy allows a request host that differs only in letter...

7.8CVSS5.8AI score0.00301EPSS
Exploits0References11
Rows per page
Query Builder