4591 matches found
CVE-2026-10083
creationtimestamp| type| source ---|---|--- 2026-06-29 07:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116832221707811519 2026-06-29 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpfxrflfcf2b 2026-06-29 07:54:05+00:00| seen|...
gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
PT-2026-53690
Name of the Vulnerable Software and Affected Versions CSS::Minifier::XS versions prior to 0.14 Description The minify function contains a memory leak that occurs when processing a document consisting entirely of characters intended for removal, such as whitespace and comments, resulting in the...
CVE-2026-58057
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...
CVE-2026-58057 Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...
CVE-2026-58057
Flowise before 3.1.3 is affected: a case-sensitive denylist for Custom MCP stdio environment variables allows bypass on Windows (case-insensitive env names). An authenticated user who can configure a Custom MCP node can inject NODE_OPTIONS --require to execute arbitrary code in the Flowise server...
EUVD-2026-39968
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...
CVE-2026-8095
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...
PT-2026-53089
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.3 Description An authenticated user can execute arbitrary code in the server context by configuring a Custom MCP node. The issue occurs because environment variables are validated against a denylist using a...
Linux Distros Unpatched Vulnerability : CVE-2026-13035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral...
CVE-2026-8095
CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...
CVE-2026-8095 Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion
The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...
CVE-2026-13331
creationtimestamp| type| source ---|---|--- 2026-06-27 05:58:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mparov4yk72s 2026-06-27 08:16:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpazf6ojtj2g 2026-06-29 19:22:24+00:00| seen|...
CVE-2026-52785
creationtimestamp| type| source ---|---|--- 2026-06-26 23:45:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpa4twxjql23 2026-06-28 19:00:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpenuzqf3u2x...
CVE-2026-54350
creationtimestamp| type| source ---|---|--- 2026-06-26 22:50:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7zrsqa4s2x 2026-06-27 20:01:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpcarllaqs2c 2026-06-29 19:21:10+00:00| seen|...
EUVD-2026-38083
Authelia has an Edge Case Access Control Rule Mismatch...
GHSA-2FMJ-P74R-3WJM PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
Summary pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist: php if 0 === \strpos$filename, 'phar://' throw new \InvalidArgumentException'The output file cannot be a phar archive.'; PHP stream wrappers are case-insensitive, so...
Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...
CVE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...