CWE-178 · Improper Handling of Case Sensitivity
36 CVEs classified under CWE-178 (Improper Handling of Case Sensitivity).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40453 | Critical | 9.9 | 2026-04-27 | The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filt… |
| CVE-2026-47323 | Critical | 9.8 | 2026-05-19 | Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilter… |
| CVE-2026-28292 | Critical | 9.8 | 2026-03-10 | `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypas… |
| CVE-2023-3545 | Critical | 9.8 | 2023-11-28 | Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to b… |
| CVE-2023-4759 | High | 8.8 | 2023-09-12 | Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git re… |
| CVE-2026-46392 | High | 8.7 | 2026-06-05 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extension… |
| CVE-2021-39155 | High | 8.3 | 2021-08-24 | Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggrega… |
| CVE-2026-22665 | High | 8.1 | 2026-04-03 | prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of username… |
| CVE-2025-59944 | High | 8.1 | 2025-10-03 | Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive fil… |
| CVE-2026-43513 | High | 7.5 | 2026-05-12 | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 1… |
| CVE-2026-29054 | High | 7.5 | 2026-03-05 | Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traef… |
| CVE-2024-23331 | High | 7.5 | 2024-01-19 | Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-au… |
| CVE-2025-61593 | High | 7.1 | 2025-10-03 | Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e… |
| CVE-2026-33691 | Medium | 6.8 | 2026-04-02 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0… |
| CVE-2026-3833 | Medium | 6.5 | 2026-04-30 | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName… |
| CVE-2023-46218 | Medium | 6.5 | 2023-12-07 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. T… |
| CVE-2017-8493 | Medium | 5.5 | 2017-06-15 | Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set varia… |
| CVE-2026-25889 | Medium | 5.4 | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.5… |
| CVE-2024-6866 | Medium | 5.3 | 2025-03-20 | corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the `try_match` function, wh… |
| CVE-2024-32879 | Medium | 4.9 | 2024-04-24 | Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB dat… |