Lucene search
K

169 matches found

OSV
OSV
added 4 days ago3 views

DEBIAN-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 4 days ago13 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS0.00186EPSS
Exploits0References2
Debian CVE
Debian CVE
added 4 days ago6 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.00186EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00186EPSS
Exploits0References1
CVE
CVE
added 4 days ago59 views

CVE-2026-55956

CVE-2026-55956 is an improper authorization vulnerability in Apache Tomcat. The issue causes the security constraints configured for the default servlet to ignore certain methods or method omissions, potentially bypassing intended access controls. Affected product ranges include Tomcat versions 1...

6.5CVSS5.7AI score0.00186EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-53745

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.17 views

Astra Linux – Vulnerability in Tomcat9

The “Time-of-check Time-of-use” TOCTOU race condition vulnerability during JSP compilation in Apache Tomcat allows for a race condition on case-insensitive file systems when the default servlet is enabled for writing not in the default configuration. This issue affects Apache Tomcat versions from...

9.8CVSS8.4AI score0.43663EPSS
Exploits13References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.23 views

Astra Linux – Vulnerability in Tomcat9

Path Equivalence: The use of ‘file.Name’ an internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-...

10CVSS8.7AI score0.99945EPSS
Exploits46References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...

6.1CVSS6.8AI score0.09591EPSS
Exploits0References1
NVD
NVD
added 2026/01/27 9:15 a.m.7 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 9:1 a.m.31 views

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS0.00318EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 9:1 a.m.4 views

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.6 views

PT-2026-4899

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacy search server source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacy search server...

6.9CVSS5.9AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.4 views

YaCy security vulnerabilities

YaCy is a distributed network search engine open source from YaCy Search Engine. There is a security vulnerability in YaCy, which stems from the program file YaCyDefaultServlet.Java having input errors during web page generation, which may lead to cross-site scripting attacks...

6.9CVSS5.6AI score0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0560

Malware in sbrugna...

6.1CVSS7.2AI score0.10554EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-24813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via...

10CVSS8.2AI score0.99945EPSS
Exploits46References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-11784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting ...

4.3CVSS6.4AI score0.94494EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2025/07/17 11:5 a.m.81 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8CVSS7.6AI score0.43663EPSS
Exploits13References6
RedHat Linux
RedHat Linux
added 2025/07/16 3:30 p.m.5 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8CVSS7.6AI score0.43663EPSS
Exploits13References6
RedHat Linux
RedHat Linux
added 2025/07/16 3:28 p.m.63 views

tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation

The fix for CVE-2024-50379 in Apache Tomcat was insufficient to mitigate the issue fully. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to...

9.8CVSS7.6AI score0.43663EPSS
Exploits13References6
Rows per page
Query Builder