Browse and filter security vulnerabilities across ecosystems
prompts.chat Identity Confusion via Case-Sensitive Username Handling
OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
DataEase is Vulnerable to H2 JDBC RCE Bypass
simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE
Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass
Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
File Browser has an Authentication Bypass in User Password Update
Formio improperly authorized permission elevation through specially crafted request path
Cursor IDE: Sensitive File Overwrite Bypass is Possible
Cursor CLI Agent: Sensitive File Overwrite Bypass
Apache Tomcat: Security constraint bypass for CGI scripts
Libsoup: cookie domain validation bypass via uppercase characters in libsoup
Case-Insensitive Path Matching in corydolphin/flask-cors
Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
Spring LDAP sensitive data exposure for case-sensitive comparisons
social-auth-app-django Improper Handling of Case Sensitivity vulnerability
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem