Lucene search
K

764 matches found

Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.4 views

Apache Tomcat has an Open Redirect vulnerability

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2026/04/09 9:31 p.m.3 views

GHSA-9M3C-QCXR-9X87 Apache Tomcat has an Open Redirect vulnerability

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.9CVSS5.8AI score0.00526EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 8:16 p.m.2 views

DEBIAN-CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.1CVSS5.2AI score0.00526EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 8:16 p.m.5 views

CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 7:13 p.m.35 views

CVE-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

0.00526EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/09 7:13 p.m.3 views

CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.1CVSS5.2AI score0.00526EPSS
Exploits0
CVE
CVE
added 2026/04/09 7:13 p.m.208 views

CVE-2026-25854

CVE-2026-25854 is an Open Redirect vulnerability in Apache Tomcat caused by the LoadBalancerDrainingValve. Affected versions include Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The issue allows occasional redirection to untru...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:13 p.m.3 views

CVE-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

5.8AI score0.00526EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:13 p.m.7 views

CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

5.8AI score0.00526EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/08 9:0 p.m.4 views

Open Redirect

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining stat...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:0 p.m.3 views

Open Redirect

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining state, an attacker can redirect...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 4:43 p.m.3 views

CVE-2026-31935

A flaw was found in Suricata. A remote attacker can exploit this vulnerability by sending a flood of crafted HTTP2 continuation frames. This can lead to memory exhaustion, causing the Suricata process to shut down, resulting in a Denial of Service DoS. Mitigation To mitigate this issue, consider...

7.5CVSS6AI score0.00272EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/28 8:44 a.m.138 views

randstad-linux-azure-architect-poc

Randstad Azure Linux Architect — POC GitHub: https://gith...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/28 12:27 a.m.10 views

SUSE CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.9AI score0.00297EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 6:31 p.m.5 views

EUVD-2026-16694

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/27 6:31 p.m.6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.8AI score0.00706EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/27 5:16 p.m.5 views

UBUNTU-CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

9.1CVSS5.7AI score0.00706EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.4 views

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending \r\r\r as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer,...

8.7CVSS5.8AI score0.00706EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 8:33 p.m.4 views

GO-2026-4724 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS in github.com/cloudnativelabs/kube-router

Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS in github.com/cloudnativelabs/kube-router...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References1
Rows per page
Query Builder