CWE-178: CWE-178

This vulnerability allows authenticated users to upload malicious PHP files by changing the file extension case (e.g., 'php' to 'pHP'), bypassing the ...

This vulnerability in Drupal Core allows attackers to escalate privileges, potentially gaining administrative access to Drupal sites. It affects Drupa...

This vulnerability in Cursor IDE allows attackers to bypass case-sensitive file protection checks on case-insensitive filesystems. By exploiting promp...

This vulnerability allows remote unauthenticated attackers to bypass Traefik's protection mechanisms and remove critical X-Forwarded headers that iden...

This vulnerability in flask-cors 4.01 allows unauthorized origins to bypass CORS restrictions due to case-insensitive path matching. Attackers can acc...

This vulnerability allows attackers to bypass Vite's server.fs.deny file access restrictions on case-insensitive file systems (like Windows) by using ...

Softwarebuero Zauner ARC 4.2.0.4 has improper case sensitivity handling in password authentication, making brute-force attacks more effective by reduc...

This vulnerability in Apache Tomcat's CGI servlet allows attackers to bypass security constraints by exploiting improper case sensitivity handling in ...

An origin validation error in the elysia-cors library allows attackers to bypass CORS restrictions by using malicious domains that contain legitimate ...

A case-sensitivity flaw in File Browser's password validation allows authenticated users to change passwords without providing the current password. B...

A vulnerability in libsoup allows malicious websites to bypass public suffix protections and set cookies for domains they don't own when the domain co...

CVE-2025-67718 is a path handling vulnerability in Form.io that allows attackers to bypass authentication and access protected API endpoints. Unauthen...