CWE-178

Improper Handling of Case Sensitivity

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

73 vulnerabilities with CWE-178
CVE-2026-53721 HIGH
Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher
CVSS 8.2
CVE-2026-45062 HIGH
FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
CVSS 8.1
CVE-2026-47346 HIGH
TYPO3 CMS - Broken Access Control in Form Framework
CVE-2026-46392 HIGH
HAX CMS PHP <26.0.0 HTML Upload Validation - Stored Cross-Site Scripting
CVSS 8.7
CVE-2026-8404 LOW
Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware
CVSS 3.1
CVE-2026-48595 HIGH
Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects
CVE-2026-44367 LOW
Klaw: user lockout due to case sensitivity inconsistency
CVSS 2.7
CVE-2026-47323 CRITICAL
Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
CVSS 9.8
CVE-2026-43513 HIGH
Apache Tomcat: LockOutRealm treats user names as case-sensitive
CVSS 7.5
CVE-2026-42273 HIGH
Heimdall: Case-sensitive host matching may lead to policy bypass
CVE-2026-42272 HIGH
Heimdall: Case-sensitive handling of URL-encoded slashes may lead to inconsistent path interpretation
CVE-2026-3833 MEDIUM
Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
CVSS 6.5
CVE-2026-40453 CRITICAL
Apache Camel HeaderFilterStrategy - Case-Variant Internal Header Injection
CVSS 9.9
CVE-2026-22665 HIGH
prompts.chat Identity Confusion via Case-Sensitive Username Handling
CVSS 8.1
CVE-2026-33691 MEDIUM
OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks
CVSS 6.8
CVE-2026-3532 MEDIUM
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
CVSS 4.2
CVE-2026-32939 HIGH
DataEase is Vulnerable to H2 JDBC RCE Bypass
CVE-2026-28292 CRITICAL
simple-git 3.15.0-3.32.2 - Remote Code Execution
CVSS 9.8
CVE-2026-29054 HIGH
Traefik 2.11.9-2.11.37/3.1.3-3.6.8 - Auth Bypass
CVSS 7.5
CVE-2026-27896 HIGH
modelcontextprotocol/go-sdk < 1.3.1 - JSON-RPC Field Case Sensitivity Bypass via Non-Standard Casing
CVSS 7.5
CVE-2026-27588 CRITICAL
Caddy < 2.11.1 - Host Header Routing Bypass via Case Sensitivity Mismatch
CVSS 9.1
CVE-2026-27587 CRITICAL
Caddy < 2.11.1 - Path-Based Routing Bypass via Case Sensitivity Mismatch
CVSS 9.1
CVE-2026-25889 MEDIUM
filebrowser < 2.57.1 - Authenticated Password Change Bypass via Case Sensitivity Flaw
CVSS 5.4
CVE-2025-67718 HIGH
NPM Formio < 3.5.7 - Information Disclosure
CVE-2025-59944 HIGH
Cursor < 1.6.23 - Remote Code Execution via Case-Sensitive File Protection Bypass
CVSS 8.0