VYPR

CWE-178

Improper Handling of Case Sensitivity

Base · Incomplete

Description

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (67)

page 3 of 4
  • CVE-2024-32879 · Med · Apr 24, 2024
    risk 0.25 · cvss 4.9 · epss 0.01

    Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue…

  • CVE-2024-38829 · Low · Dec 4, 2024
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability in Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, and all versions prior to 2.4.0. The usage of…

  • CVE-2026-8404 · Low · Jun 3, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached…

  • CVE-2026-47203 · low · May 29, 2026
    risk 0.19 · cvss 4.0 · epss 0.00

    Impact: CVSSv4 Baseline Score: Moderate 6.3. CVSSv4 Weighted Score: Low 2.9. The full CVSSv4 vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:L/IR:L/AR:L/MAV:N/MAC:H/MAT:N/MPR:N/MUI:N/MVC:L/MVI:N/MVA:N/MSC:N/M…

  • CVE-2026-44367 · Low · Jun 2, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and…

  • CVE-2018-9845 · Cri · Apr 29, 2018
    risk 0.01 · cvss 9.8 · epss 0.13

    Etherpad Lite before 1.6.4 is exploitable for admin access.

  • CVE-2026-55170 · low · Jun 18, 2026
    risk 0.00 · cvss · epss

    Description: In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions: This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore 2. Your authorization…

  • CVE-2026-29054 · Mar 5, 2026
    risk 0.00 · cvss · epss 0.00

    Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put…

  • CVE-2026-27588 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with a large host list (>100 entries) it becomes case-sensitive due to an optimized matching path.…

  • CVE-2026-27587 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.00

    Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the match pattern contains percent-escape sequences (`%xx`) it compares against the request's escaped path…

  • CVE-2026-25992 · Feb 10, 2026
    risk 0.00 · cvss · epss 0.01

    SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems such as Windows, attackers can bypass restrictions using mixed-case…

  • CVE-2026-25889 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.00

    File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password (or…

  • CVE-2025-46701 · May 29, 2025
    risk 0.00 · cvss · epss 0.03

    Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6,…

  • CVE-2024-6866 · Mar 20, 2025
    risk 0.00 · cvss · epss 0.01

    corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but…

  • CVE-2025-27636 · Mar 9, 2025
    risk 0.00 · cvss · epss 0.80

    Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS,…

  • CVE-2025-24399 · Jan 22, 2025
    risk 0.00 · cvss · epss 0.01

    Jenkins OpenId Connect Authentication Plugin 4.452.v2849b_d3945fa_ and earlier, except 4.438.440.v3f5f201de5dc, treats usernames as case-insensitive, allowing attackers on Jenkins instances configured with a case-sensitive OpenID Connect provider to log in as any user by…

  • CVE-2025-23042 · Jan 14, 2025
    risk 0.00 · cvss · epss 0.01

    Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, APIs, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or…

  • CVE-2024-55634 · Dec 9, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

  • CVE-2024-38820 · Oct 18, 2024
    risk 0.00 · cvss · epss 0.01

    The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

  • CVE-2024-23331 · Jan 19, 2024
    risk 0.00 · cvss · epss 0.01

    Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092…