Lucene search
+L

120 matches found

NVD
NVD
added 2026/03/30 9:17 p.m.4 views

CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS0.00538EPSS
Exploits1References4
OSV
OSV
added 2026/03/30 9:17 p.m.4 views

UBUNTU-CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/30 8:36 p.m.23 views

CVE-2026-32884 Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation)

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS0.00158EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/30 8:36 p.m.4 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.3AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2026/03/30 8:36 p.m.5 views

EUVD-2026-17212

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 8:36 p.m.2 views

CVE-2026-32884 Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation)

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:36 p.m.3 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/30 8:36 p.m.16 views

CVE-2026-32884

CVE-2026-32884 — Botan (C++ crypto library) : Prior to version 3.11.0, during X.509 name constraints processing, Botan could mis-handle a mixed-case common name (CN) when no subject alternative name (SAN) is present. The CN check against DNS name constraints was effectively case-sensitive, allowi...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/30 8:36 p.m.3 views

CVE-2026-32884 Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation)

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.8AI score0.00158EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/30 8:36 p.m.4 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:14 p.m.2 views

CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS5.7AI score0.00574EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/30 8:14 p.m.27 views

CVE-2026-27018 Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

8.8CVSS0.00538EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/30 4:16 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...

8.8CVSS6AI score0.00538EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/30 4:16 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through improper handling of case-insensitive URL schemes in the FilterDeadline function. An attacker can access arbitrary files within the container by submitting URLs with mixed-case or uppercase schem...

8.8CVSS6AI score0.00538EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

Gotenberg 代码问题漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.29.0 contained code vulnerabilities. These vulnerabilities were due to a patch that addressed CVE-2024-21527, which could be...

8.8CVSS5.9AI score0.00538EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.12 views

Botan 信任管理问题漏洞

Botan is a C++ encryption library developed by Jack Lloyd as an individual project. Versions of Botan prior to 3.11.0 had a trust management vulnerability. This vulnerability stemmed from improper checks of mixed-case common names when processing X.509 certificate paths, which could lead to...

5.9CVSS5.8AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 6:16 p.m.11 views

CVE-2026-25992

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/10 5:47 p.m.28 views

CVE-2026-25992 SiYuan has a File Read Interface Case Bypass Vulnerability

SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case paths and read...

7.5CVSS0.00505EPSS
Exploits1References2
CVE
CVE
added 2026/02/10 5:47 p.m.19 views

CVE-2026-25992

SiYuan before 3.5.5 exposes a vulnerability in the /api/file/getFile endpoint: it uses case-sensitive equality checks to block access on case-insensitive file systems (e.g., Windows). An attacker can bypass restrictions via mixed-case paths and read protected configuration files. Impact is confid...

7.5CVSS5.5AI score0.00505EPSS
Exploits1References2Affected Software1
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.18 views

This flaw allows a malicious HTTP server to set "super cookies" in curl

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

6.5CVSS7.2AI score0.01685EPSS
Exploits1
Rows per page
Query Builder