Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 EncryptInterceptor fail-open bypass in Apache...

ROS-20260420-73-0010

A vulnerability in the crypto/modes/ocb128.c component of the OpenSSL TLS and SSL protocols toolkit is related to the lack of a required encryption step. Exploitation of the vulnerability could allow an attacker to gain access to confidential data and compromise its integrity...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 Apache Tomcat EncryptInterceptor Bypass Vulnera...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

No d...

CVE-2026-34486

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

CVE-2026-34486

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the EncryptInterceptor's messageReceived method. An attacker can gain unauthorized access to sensitive data by bypassing EncryptInterceptor to intercept unencrypted communications. Note: This is d...

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the handling of inter-Node Pod traffic when dual-stack networking is configured with IPsec encryption enabled. An attacker can intercept and read sensitive IPv6 Pod traffic by monitoring network...

PT-2026-30013

Impact This is a missing encryption vulnerability CWE-311 affecting inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled trafficEncryptionMode: ipsec, Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctl...

KLA90975 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve...

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 PoC Description CVE-2026-27944 is an identi...

Missing Encryption of Sensitive Data

Overview github.com/rancher/rancher/pkg/controllers/management/node is a complete container management platform Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data in the cluster creation using RKE templates with Weave CNI, where the WEAVEPASSWORD is not set,...

PT-2026-5323

Name of the Vulnerable Software and Affected Versions VX800v version 1.0 Description The web interface of VX800v version 1.0 transmits sensitive information over unencrypted HTTP due to missing application layer encryption. This allows a network-adjacent attacker to intercept the traffic and...

CVE-2023-4384

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of ...

CVE-2021-22782

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2022-0183

Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords...

CVE-2025-15065

Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...