CVE-2026-8644

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

tomcat-9.0.118-1.1 on GA media (moderate)

tomcat-9.0.118-1.1 on GA media Announcement ID: openSUSE-SU-2026:10925-1 Rating: moderate Cross-References: CVE-2026-41284 CVE-2026-41293 CVE-2026-42498 CVE-2026-43512 CVE-2026-43513 CVE-2026-43514 CVE-2026-43515 CVSS scores: CVE-2026-41284 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H...

CVE-2026-8644

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVE-2026-9311

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

CVE-2026-8644

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVE-2026-8644

IBM WebSphere Application Server versions 9.0 and 8.5 are affected by CVE-2026-8644, an identity spoofing (authentication bypass) vulnerability (CWE-290) with CVSSv3.1 base score 9.1. Affected products: WebSphere Application Server 9.0 and 8.5. Root cause: identity spoofing leading to authenticat...

PT-2026-45542

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists that allows for identity spoofing, where an attacker can impersonate another user or system identity. Recommendations At the...

IBM WebSphere Application Server (WAS) code injection vulnerability

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Both the 9.0 and 8.5 versions of IBM WebSphere Application Server contained a code...

IBM WebSphere Application Server (WAS) security vulnerabilities

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications, and it also forms the foundation of the IBM WebSphere software platform. Both versions of IBM WebSphere Application Server WAS, 9.0 and 8.5, ha...

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

EUVD-2026-31905

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...

EUVD-2026-31903

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

CVE-2026-8856 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...

CVE-2026-8852 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modfastcgi module...

CVE-2026-8850

IBM HTTP Server 8.5 and 9.0 are affected by a denial-of-service through the optional module mod_ibm_upload. The NVD entry lists a CVSS 3.1 base score of 7.5 (HIGH) with network attack vector and no user interaction required, indicating the issue can be triggered remotely and could impact availabi...

IBM HTTP Server 安全漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain security vulnerabilities. These vulnerabilities are caused by buffer overflows, which could allow privileged users to execute remote code or...

EUVD-2026-31443

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

PT-2026-42774

Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue editor can inject arbitrary JavaScript that executes in the context of any authenticated user visiting the affected account pages. This can lead to session hijacking, credential theft, malicio...

Astra Linux - уязвимость в tomcat9

When responding to new H2C connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61 may duplicate request headers and a limited amount of request body from one request to another. This means that user A and user B may both see the results of user A’...