Vulnerabilities of type CWE-178
49 results

CVE-2025-27636 | MEDIUM | Apache Camel: Camel Message Header Injection via Improper Filtering | EPSS 79.8%
CVE-2021-24347 | — | SP Project & Document Manager <2 4.22 - Authenticated Shell Upload | EPSS 52.0%
CVE-2025-46701 | HIGH | Apache Tomcat: Security constraint bypass for CGI scripts | EPSS 2.6%
CVE-2004-2154 | CRITICAL | CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a prin | EPSS 2.1%
CVE-2023-3545 | CRITICAL | Chamilo LMS Htaccess File Upload Security Bypass | EPSS 2.0%
CVE-2023-4759 | HIGH | Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write | EPSS 1.9%
CVE-2023-46218 | MEDIUM | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise all | EPSS 1.7%
CVE-2002-0485 | HIGH | Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition heade | EPSS 1.5%
CVE-2026-28292 | CRITICAL | simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key that enables RCE | EPSS 1.3%
CVE-2021-39155 | HIGH | Authorization Policy Bypass Due to Case Insensitive Host Comparison | EPSS 1.2%
CVE-2021-25920 | MEDIUM | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user | EPSS 1.1%
CVE-2026-33691 | MEDIUM | OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks | EPSS 1.0%
CVE-2022-29604 | CRITICAL | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a n | EPSS 1.0%
CVE-2026-47323 | CRITICAL | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering | EPSS 1.0%
CVE-2024-23331 | HIGH | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | EPSS 0.8%
CVE-2024-5699 | CRITICAL | In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be | EPSS 0.8%
CVE-2026-49336 | MEDIUM | @microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter | EPSS 0.7%
CVE-2024-6866 | MEDIUM | Case-Insensitive Path Matching in corydolphin/flask-cors | EPSS 0.6%
CVE-2024-38820 | LOW | CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception | EPSS 0.6%
CVE-2024-32879 | MEDIUM | social-auth-app-django Improper Handling of Case Sensitivity vulnerability | EPSS 0.6%