12 matches found

RedhatCVE
added 2026/05/21 1:12 p.m., 6 views

CVE-2026-7836

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a bug in the hextoint macro related to uppercase characters. This vulnerability could lead to a low impact on data integrity...

CVSS: 3.1, AI score: 5.8, EPSS: 0.00044
Exploits: 0, References: 2

OSV
added 2025/10/03 7:56 p.m., 4 views

RLSA-2025:8128 Important: libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00986
Exploits: 0, References: 5

Microsoft CVE
added 2025/09/03 10:40 p.m., 4 views

Libsoup: cookie domain validation bypass via uppercase characters in libsoup

...

CVSS: 4.3, AI score: 7, EPSS: 0.00262
Exploits: 0

Cvelist
added 2025/04/29 12:56 p.m., 20 views

CVE-2025-4035 Libsoup: cookie domain validation bypass via uppercase characters in libsoup

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set...

CVSS: 4.3, EPSS: 0.00262
Exploits: 0, References: 3

Veracode
added 2024/03/28 10:36 a.m., 18 views

URL Protocol Bypass

katex is vulnerable to URL Protocol Bypass. The vulnerability is due to insufficient validation of URL protocols by the KaTeX library's trust option. It allows malicious inputs containing URLs with uppercase characters in the protocol to bypass the blacklist mechanism...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00056
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/03/25 8:0 p.m., 42 views

CVE-2024-28246 KaTeX is missing normalization of the protocol in URLs allows bypassing forbidden protocols

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00056
Exploits: 0, References: 4

Debian CVE
added 2024/03/25 8:0 p.m., 21 views

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00056
Exploits: 0

Veracode
added 2022/11/24 5:41 a.m., 18 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to cross-site scripting. The vulnerability exists in the sanitise function of HTMLEditorSanitiser.php because of uppercase characters in HTMLEditor which allows an attacker to inject and execute malicious JavaScript...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00322
Exploits: 0, References: 7, Affected Software: 1

Veracode
added 2022/08/19 7:26 a.m., 18 views

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the SpoonLibrary does not properly handle uppercase characters, which allows remote authenticated attackers to inject and execute malicious JavaScript via the publishontime parameter...

CVSS: 4.8, AI score: 5.1, EPSS: 0.00191
Exploits: 1, References: 4, Affected Software: 1

Kitploit
added 2014/07/16 1:19 a.m., 20 views

Password Security Scanner - Check the security/strength of your passwords on Windows

This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...) and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number...

AI score: 6.8
Exploits: 0

Prion
added 2013/06/17 11:38 a.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...

CVSS: 3.5, AI score: 5.7, EPSS: 0.00159
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2007/06/22 6:0 p.m., 16 views

CVE-2007-3365

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...

AI score: 7.3, EPSS: 0.14166
Exploits: 0, References: 6