1702 matches found

CVE
added 6 hours ago | 6 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2
RedHat Linux
added yesterday | 4 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

CVSS 8.8 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 8
ATTACKERKB
added yesterday | 3 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2 days ago | 9 views

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...

CVSS 9.1 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 4
Tenable Nessus
added 2 days ago | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-6731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name...

CVSS 7.5 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 3
Tenable Nessus
added 2 days ago | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-7532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certifica...

CVSS 7.5 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 3
OSV
added 3 days ago | 3 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 1
OSV
added 3 days ago | 4 views

DEBIAN-CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 1
NVD
added 3 days ago | 13 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | EPSS 0.00186
Exploits: 0 | References: 2
NVD
added 3 days ago | 7 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1 | EPSS 0.00285
Exploits: 0 | References: 2
OSV
added 3 days ago | 2 views

UBUNTU-CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 9
OSV
added 3 days ago | 2 views

UBUNTU-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 7
Cvelist
added 3 days ago | 29 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00186
Exploits: 0 | References: 1
Debian CVE
added 3 days ago | 6 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0
CVE
added 3 days ago | 47 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 3 days ago | 25 views

CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00285
Exploits: 0 | References: 1
Debian CVE
added 3 days ago | 4 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0
CVE
added 3 days ago | 28 views

CVE-2026-55276

Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 2 | Affected Software: 1
F5 Networks
added 3 days ago | 4 views

K000161963: Golang vulnerability CVE-2025-61727

Security Advisory Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.co...

CVSS 6.5 | AI score 6.7 | EPSS 0.0027
Exploits: 0 | Affected Software: 2
RedHat Linux
added 3 days ago | 4 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

CVSS 5.3 | AI score 6.7 | EPSS 0.00638
Exploits: 1 | References: 5