Lucene search
K

174 matches found

RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-55956

A flaw was found in Apache Tomcat where access control rules for the default servlet are improperly handled. An attacker can exploit this issue to bypass specific HTTP method restrictions, potentially gaining unauthorized access to protected application resources. Mitigation Review your...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 4:18 p.m.4 views

BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/01 3:15 a.m.4 views

SUSE CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:23 p.m.10 views

Improper Authorization

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.6 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.16 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS0.0041EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/29 8:46 p.m.6 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.0041EPSS
Exploits0
CVE
CVE
added 2026/06/29 8:46 p.m.112 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

6.5CVSS5.7AI score0.0041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/29 8:46 p.m.50 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.0041EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 8:46 p.m.3 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53745

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References29
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.19 views

Astra Linux – Vulnerability in Tomcat9

The “Time-of-check Time-of-use” TOCTOU race condition vulnerability during JSP compilation in Apache Tomcat allows for a race condition on case-insensitive file systems when the default servlet is enabled for writing not in the default configuration. This issue affects Apache Tomcat versions from...

9.8CVSS8.4AI score0.44312EPSS
Exploits13References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...

6.1CVSS6.8AI score0.09591EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.24 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The path ‘file.Name’ Internal Dot leads to remote code execution, information disclosure, and the addition of malicious content to uploaded files via the write-enabled default servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: - 11.0.0-M1 through...

10CVSS7.4AI score0.99945EPSS
Exploits47References2
NVD
NVD
added 2026/01/27 9:15 a.m.9 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 9:1 a.m.33 views

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 9:1 a.m.4 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.6 views

YaCy security vulnerabilities

YaCy is a distributed network search engine open source from YaCy Search Engine. There is a security vulnerability in YaCy, which stems from the program file YaCyDefaultServlet.Java having input errors during web page generation, which may lead to cross-site scripting attacks...

6.9CVSS5.6AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.11 views

PT-2026-4899

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacy search server source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacy search server...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0560

Malware in sbrugna...

6.1CVSS7.2AI score0.10554EPSS
Exploits0References24
Rows per page
Query Builder