Lucene search
K

560 matches found

EUVD
EUVD
added 2026/02/26 10:20 p.m.7 views

EUVD-2026-8792

MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity...

7CVSS5.2AI score0.00255EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 4:3 p.m.10 views

OPENSUSE-SU-2026:20279-1 Security update for containerized-data-importer

This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data bsc1235204. - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content bsc1235365. ...

7.5CVSS5.8AI score0.01956EPSS
Exploits0References6
NVD
NVD
added 2026/02/26 1:16 a.m.26 views

CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7.5CVSS0.00255EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/26 12:47 a.m.4 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS5.9AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/26 12:47 a.m.22 views

CVE-2026-27896 MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc...

7CVSS0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

MCP Go SDK 安全漏洞

MCP Go SDK is an open-source development toolkit for the Model Context Protocol. Versions of the MCP Go SDK prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of case-insensitive JSON key matching during the parsing of JSON-RPC and MCP protocol messages,...

7.5CVSS7.3AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 10:44 p.m.5 views

Incorrect Comparison Logic Granularity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity due to the normalizeForHash function. An attacker can cause stale sandbox containers to be reused by modifying the order of primitive values in...

4.8CVSS5.6AI score0.00157EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/10 6:55 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the /api/file/getFile endpoint, which performs case-sensitive string equality checks to restrict access to sensitive files. An attacker can access protected configuration files by submitting mixed-case file paths...

8.7CVSS6.5AI score0.00505EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/10 5:47 p.m.27 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:47 p.m.3 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/10 5:47 p.m.8 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

SiYuan 路径遍历漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the/api/file/getFile endpoint. In file systems tha...

7.5CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/02/09 12:30 p.m.5 views

GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/09 12:30 p.m.6 views

Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/02/09 10:15 a.m.11 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 10:15 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/02/09 10:15 a.m.3 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 10:15 a.m.4 views

UBUNTU-CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS7AI score0.00363EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/09 9:26 a.m.32 views

CVE-2026-23903 Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

0.00363EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/09 9:26 a.m.2 views

Authentication Bypass by Alternate Name

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name while serving static files from...

6.9CVSS5.6AI score0.00363EPSS
Exploits0References2
Rows per page
Query Builder