The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, ho…

Etherpad Lite before 1.6.4 is exploitable for admin access.

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This is…

An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and…

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, th…

Windows DNS Information Disclosure Vulnerability

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions…

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass acc…

Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source…

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an …

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Window…

Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manne…

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all…

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by reques…

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with…

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. Howev…

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view …

A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to…

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from…

Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remot…

uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows remote attackers to execu…

A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly hand…

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case…

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs…

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by req…

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions …

In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not co…

An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows …

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, …

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters…

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows…

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments who…

Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny…

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a …

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, d…

Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-s…

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-va…

In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creatin…

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed ba…

Istio is an open source platform for providing a uniform way to integrate microservices, manage…