
21207 matches found

OSV
added 2025/04/28 8:15 p.m. | 0 views

UBUNTU-CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8 CVSS | 6.9 AI score | 0.0418 EPSS
Exploits: 1 | References: 5

UbuntuCve
added 2025/04/28 8:15 p.m. | 12 views

CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8 CVSS | 6.9 AI score | 0.0418 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/04/28 7:17 p.m. | 70 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

0.0418 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/04/28 7:17 p.m. | 10 views

CVE-2025-31651 Apache Tomcat: Bypass of rules in Rewrite Valve

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

7.4 AI score | 0.0418 EPSS
Exploits: 1 | References: 1

CVE
added 2025/04/28 7:17 p.m. | 501 views

CVE-2025-31651

CVE-2025-31651 affects Apache Tomcat and allows bypass of rewrite rules for a subset of unlikely configurations. Affected branches include Tomcat 11.0.0-M1–11.0.5, 10.1.0-M1–10.1.39, and 9.0.0.M1–9.0.102; Debian and Amazon advisories confirm Tomcat9/10 updates addressing this issue. The connected...

9.8 CVSS | 7.3 AI score | 0.0418 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Debian CVE
added 2025/04/28 7:17 p.m. | 21 views

CVE-2025-31651

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...

9.8 CVSS | 7.3 AI score | 0.0418 EPSS
Exploits: 1

RedHat Linux
added 2025/04/28 3:19 p.m. | 13 views

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

8.2 CVSS | 5.8 AI score | 0.01618 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/04/28 12:0 a.m. | 6 views

Apache Tomcat Security Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States), used to provide Servlet and JavaServer Pages (JSP) support. An input validation error vulnerability exists in Apache Tomcat that stems from improperly neutralizing escape, meta, or control...

9.8 CVSS | 6.6 AI score | 0.0418 EPSS
Exploits: 1 | References: 5

IBM Security Bulletins
added 2025/04/26 7:34 p.m. | 14 views

Security Bulletin: Vulnerability in Babel affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2021-42771]

Summary The Babel package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2021-42771. Vulnerability Details CVEID:CVE-2021-42771 DESCRIPTION: Python-Babel Babel could allow a local authenticated attacker to traverse directories ...

7.8 CVSS | 7 AI score | 0.00716 EPSS
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2025/04/26 5:32 a.m. | 7 views

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

3.3 CVSS | 6.8 AI score | 0.00149 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/25 11:51 p.m. | 8 views

CVE-2025-24907

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi Vantara...

6.8 CVSS | 6.9 AI score | 0.0035 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/25 11:47 p.m. | 5 views

CVE-2025-24908

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' doubled triple dot slash sequences that can resolve to a location that is outside of that directory. CWE-35 Description Hitachi Vantara...

6.8 CVSS | 6.9 AI score | 0.00403 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/04/25 10:49 a.m. | 48 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods B2B

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods B2B 11.1 Vulnerability Details CVEID:CVE-2015-6644 DESCRIPTION: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted...

7.5 CVSS | 10 AI score | 0.08878 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/04/25 10:44 a.m. | 49 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods API Management

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods API Management 11.1 Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket...

8.8 CVSS | 10 AI score | 0.03005 EPSS
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/04/25 9:44 a.m. | 63 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods Integration

Summary Multiple vulnerabilities were addressed in the latest fix release for IBM webMethods Integration 11.1 Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a remote attacker to conduct spoofing attacks, caused by a flaw when a GDBus-based client subscribes to...

9.1 CVSS | 9.2 AI score | 0.54026 EPSS
Exploits: 5 | Affected Software: 1

The Hacker News
added 2025/04/25 8:57 a.m. | 14 views

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by...

6.9 CVSS | 7.4 AI score | 0.01095 EPSS
Exploits: 2

SUSE CVE
added 2025/04/24 3:23 a.m. | 1 views

SUSE CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

6.3 CVSS | 7 AI score | 0.00149 EPSS
Exploits: 0 | References: 9

Packet Storm News
added 2025/04/24 12:0 a.m. | 3 views

Crypto-NcRNA: Non-Coding RNA (NcRNA) Based Encryption Algorithm

In the looming post-quantum era, traditional cryptographic systems are increasingly vulnerable to quantum computing attacks that can compromise their mathematical foundations. To address this critical challenge, we propose crypto-ncRNA, a bio-convergent cryptographic framework that leverages the...

6.7 AI score
Exploits: 0

OSV
added 2025/04/23 4:15 p.m. | 6 views

AZL-61191 CVE-2025-46394 affecting package busybox 1.35.0-18

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

3.3 CVSS | 7.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 1

OSV
added 2025/04/23 4:15 p.m. | 3 views

DEBIAN-CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

3.3 CVSS | 7.3 AI score | 0.00149 EPSS
Exploits: 0 | References: 1