
1109 matches found

Saint
added 2025/02/28 12:0 a.m. | 109 views

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025. Background: MITRE Caldera is a security platform for emulating adversaries. Problem: The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution: Upgrade to Caldera 5.1.0 or...

CVSS 10 | AI score 7.7 | EPSS 0.26335
Exploits 2
Tenable Nessus
added 2025/02/27 12:0 a.m. | 21 views

RHEL 9 : pki-servlet-engine (RHSA-2025:1920)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1920 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java...

CVSS 9.8 | AI score 8.5 | EPSS 0.84776
Exploits 12 | References 5
Vulnrichment
added 2025/02/24 12:0 a.m. | 4 views

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

CVSS 10 | AI score 8.7 | EPSS 0.26335
Exploits 2 | References 6
Cvelist
added 2025/02/24 12:0 a.m. | 196 views

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

CVSS 10 | EPSS 0.26335
Exploits 2 | References 6
OSV
added 2025/02/10 7:34 a.m. | 17 views

SUSE-SU-2025:0394-1 Security update for tomcat

This update for tomcat fixes the following issues:
- CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc1234663).
- CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc1234664)...

CVSS 9.8 | AI score 7.8 | EPSS 0.84776
Exploits 12 | References 5
RedHat Linux
added 2025/01/21 1:19 p.m. | 3 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 9.8 | AI score 7.5 | EPSS 0.84776
Exploits 12 | References 5
RedHat Linux
added 2025/01/21 1:16 p.m. | 3 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 9.8 | AI score 7.5 | EPSS 0.84776
Exploits 12 | References 5
RedHat Linux
added 2025/01/16 7:35 p.m. | 2 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 9.8 | AI score 7.5 | EPSS 0.84776
Exploits 12 | References 5
RedHat Linux
added 2025/01/16 7:34 p.m. | 5 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 9.8 | AI score 7.5 | EPSS 0.84776
Exploits 12 | References 5
Mageia
added 2024/12/21 8:16 p.m. | 27 views

Updated tomcat packages fix security vulnerabilities

RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379). DoS in examples web application (CVE-2024-54677)...

CVSS 9.8 | AI score 6.9 | EPSS 0.84776
Exploits 12 | References 4
OSV
added 2024/12/21 8:16 p.m. | 18 views

MGASA-2024-0394 Updated tomcat packages fix security vulnerabilities

RCE due to TOCTOU issue in JSP compilation (CVE-2024-50379). DoS in examples web application (CVE-2024-54677)...

CVSS 9.8 | AI score 7 | EPSS 0.84776
Exploits 12 | References 5
OSV
added 2024/12/20 1:42 a.m. | 6 views

OESA-2024-2564 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

CVSS 9.8 | AI score 6.8 | EPSS 0.84776
Exploits 12 | References 3
SUSE CVE
added 2024/12/18 3:51 a.m. | 7 views

SUSE CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 7 | AI score 7 | EPSS 0.84776
Exploits 12 | References 11
RedhatCVE
added 2024/12/17 10:21 p.m. | 33 views

CVE-2024-50379

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 8.1 | AI score 8.8 | EPSS 0.84776
Exploits 12 | References 4
OSV
added 2024/12/17 1:15 p.m. | 15 views

CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 9.8 | AI score 8.9
Exploits 0 | References 5
OSV
added 2024/12/17 1:15 p.m. | 6 views

DEBIAN-CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 9.8 | AI score 8.5 | EPSS 0.84776
Exploits 12 | References 1
OSV
added 2024/12/17 1:15 p.m. | 0 views

UBUNTU-CVE-2024-50379

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

CVSS 9.8 | AI score 7 | EPSS 0.84776
Exploits 12 | References 9
Vulnrichment
added 2024/12/17 12:34 p.m. | 48 views

CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

AI score 9 | EPSS 0.84776
Exploits 12 | References 1
CVE
added 2024/12/17 12:34 p.m. | 945 views

CVE-2024-50379

CVE-2024-50379 is a TOCTOU race condition in JSP compilation on Apache Tomcat that can lead to RCE when the default servlet is writable on case-insensitive file systems. Affected lines include Tomcat 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97 (also some older EOL versions). The issu...

CVSS 9.8 | AI score 9 | EPSS 0.84776
Exploits 12 | References 5 | Affected Software 1
Cvelist
added 2024/12/17 12:34 p.m. | 230 views

CVE-2024-50379 Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from...

EPSS 0.84776
Exploits 12 | References 1