| CVE-2026-45135 |
high |
— |
8.0 |
|
|
|
11d ago |
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files |
| CVE-2026-45692 |
medium |
— |
5.5 |
|
|
|
10d ago |
Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization |
| CVE-2026-30852 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy |
| CVE-2026-30851 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy forward_auth copy_headers allows Identity Injection and Privilege Escalation in github.com/caddyserver/caddy |
| CVE-2026-27590 |
unknown |
— |
— |
|
|
|
3mo ago |
Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2 |
| CVE-2026-27589 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2 |
| CVE-2026-27588 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy MatchHost becomes case-sensitive in github.com/caddyserver/caddy/v2 |
| CVE-2026-27587 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2 |
| CVE-2026-27586 |
unknown |
— |
— |
|
|
|
3mo ago |
Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2 |
| CVE-2026-27585 |
unknown |
— |
— |
|
|
|
3mo ago |
Improper sanitization of glob characters in github.com/caddyserver/caddy/v2 |
| CVE-2022-28923 |
unknown |
— |
— |
|
|
|
3y ago |
Open redirect in github.com/caddyserver/caddy/v2 |
| CVE-2022-29718 |
unknown |
— |
— |
|
|
|
4y ago |
Open redirect in caddy |