Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

Fedora 44 : cpp-httplib (2026-1b15ac058b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1b15ac058b advisory. Update to 0.48.0 rhbz2481109 Security fixes - Complete the IP-host certificate identity fix from v0.47.0 for the Mbed TLS and wolfSSL backends. An...

9.9CVSS6.1AI score0.00327EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2026/02/27 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-27587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...

9.1CVSS6AI score0.0037EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/02/26 12:24 a.m.5 views

SUSE CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

9.1CVSS5.8AI score0.0037EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/24 8:31 p.m.10 views

Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Summary Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An attacker can bypass path-based routing and any access controls attached to that rou...

9.1CVSS5.6AI score0.0037EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/24 8:31 p.m.6 views

GHSA-G7PC-PC7G-H8JH Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Summary Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An attacker can bypass path-based routing and any access controls attached to that rou...

8.7CVSS5.7AI score0.0037EPSS
Exploits1References6
NVD
NVD
added 2026/02/24 5:29 p.m.9 views

CVE-2026-27587

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

9.1CVSS0.0037EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/24 4:26 p.m.14 views

CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences %xx it compares against the request's escaped path without lowercasing. An...

8.7CVSS5.9AI score0.0037EPSS
Exploits1References2
OSV
OSV
added 2025/08/16 11:12 a.m.4 views

CVE-2025-38528 bpf: Reject %p% format string in bprintf-like helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

5.5CVSS7AI score0.00146EPSS
Exploits0References10
Rows per page
Query Builder