Lucene search
K

165 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Apache Tomcat 10.1.22 < 10.1.54 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.54. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.54security-10 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...

7.5CVSS6AI score0.21691EPSS
Exploits6References9
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.7 views

SUSE CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.31 views

Linux Distros Unpatched Vulnerability : CVE-2026-34486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue...

7.5CVSS7.1AI score0.21691EPSS
Exploits6References3
OSV
OSV
added 2026/04/09 9:31 p.m.5 views

GHSA-69R9-QGR7-G2WJ Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12
CVE
CVE
added 2026/04/09 7:35 p.m.50 views

CVE-2026-34486

CVE-2026-34486 is a Tomcat Tribes EncryptInterceptor regression: when decryption fails, the code path previously moved super.messageReceived(msg) outside the try block, causing raw serialized bytes to bypass encryption and reach deserialization, enabling unauthenticated RCE via Java deserializati...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References16Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

Semtech LR11xx LoRa 安全漏洞

Semtech LR11xx LoRa is a series of low-power wireless communication chips developed by the American company Semtech. There are security vulnerabilities in Semtech LR11xx LoRa; these vulnerabilities stem from information leaks in earlier firmware versions, which could allow attackers to bypass the...

5.1CVSS5.8AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 4:31 p.m.15 views

CVE-2026-34992

CVE-2026-34992 pertains to Antrea (Kubernetes networking). In dual-stack clusters with IPsec (trafficEncryptionMode: ipsec), IPv6 Pod traffic is not encrypted while IPv4 traffic is secured by ESP; packets are encapsulated (Geneve/VXLAN) but bypass the IPsec layer. Impacted users run dual-stack co...

7.5CVSS5.9AI score0.00121EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/16 4:26 p.m.8 views

IncusOS has a LUKS encryption bypass due to insufficient TPM policy

The default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the system's owner or any tampering of Secure Boot state or kernel UKI boot image. That's...

7.6CVSS5.8AI score0.0014EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/03/04 3:30 p.m.15 views

CVE-2025-59785

CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/02/09 9:9 p.m.151 views

neopythonlogger

chrome-privless-encryption A PoC demonstrating how to bypass...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/19 9:14 p.m.7 views

CVE-2025-62002

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 were confirmed to be affected; other versions before a...

5.3CVSS6.7AI score0.00259EPSS
Exploits0References1
Gitee
Gitee
added 2025/11/27 9:16 p.m.149 views

burp_mirror_gui

Burp Multiple Instance Management Tool This solution, when combined with jsforward or mitmdump, effectively addresses the following pain points in penetration testing: 1. Enables real-time testing for privilege escalation, unauthorized access, business logic vulnerabilities, and session-related...

7.2AI score
Exploits0
HackRead
HackRead
added 2025/11/21 4:52 p.m.11 views

New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse

Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions...

7.1AI score
Exploits0
OSV
OSV
added 2025/11/14 8:33 p.m.6 views

GHSA-R9X7-7GGJ-FX9F PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

Summary Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session self-XSS. This allows an attacker who can entice a victim to drag or...

3.9CVSS7.1AI score0.00107EPSS
Exploits1References4
NVD
NVD
added 2025/11/13 3:16 a.m.12 views

CVE-2025-64711

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

5.4CVSS0.00107EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0116

Malware in sbrugna...

9.8CVSS9.2AI score0.01764EPSS
Exploits1References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-5389

Malware in sbrugna...

7.5CVSS8.2AI score0.01036EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3183

Malware in sbrugna...

5.9CVSS5.4AI score0.00404EPSS
Exploits2References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-0176

Malware in sbrugna...

7.5CVSS6.9AI score0.03167EPSS
Exploits1References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18484

Malware in sbrugna...

7.5CVSS7.6AI score0.01427EPSS
Exploits0References3
Rows per page
Query Builder