1978 matches found
PT-2026-23516
Name of the Vulnerable Software and Affected Versions Cloudfoundry UAA versions 77.30.0 through 78.7.0 Cloudfoundry Deployment versions 48.7.0 through 54.10.0 Description A logic error in the implementation of the token revocation endpoint leads to inappropriate user token revocation. The issue...
CloudFoundry UAA和CloudFoundry Deployment 安全漏洞
CloudFoundry UAA and CloudFoundry Deployment are both products of the CloudFoundry Foundation. CloudFoundry UAA is a multi-tenant identity management service. CloudFoundry Deployment is a code deployment component. Both CloudFoundry UAA and CloudFoundry Deployment have security vulnerabilities...
CVE-2026-22723 - UAA User Token Revocation | Cloud Foundry
Severity MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y Vendor CloudFoundry Foundation Versions Affected UAA Release: v77.30.0 to v78.7.0 CF Deployment: v48.7.0 to v54.10.0 Description Cloud Foundry UAA release versions fro...
GHSA-X4VH-J75G-268G NocoDB's Refresh Tokens Not Revoked on Password Reset
Summary The password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. Details passwordReset in users.service.ts updated tokenversion invalidating JWTs but did not...
CVE-2026-28396
CVE-2026-28396 concerns NocoDB, a database-as-spreadsheets platform. Prior to version 0.301.3, the password reset flow failed to revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. The i...
SIP Service Providers – Possible Impersonation of Poly Voice Device
An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate. Service...
BIT-TOMCAT-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
SUSE CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
Linux Distros Unpatched Vulnerability : CVE-2026-24734
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat...
Apache Tomcat 11.0.0.M1 < 11.0.18
The version of Tomcat installed on the remote host is prior to 11.0.18. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.18security-11 advisory. - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder...
Apache Tomcat has an Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
GHSA-MGP5-RV84-W37Q Apache Tomcat has an Improper Input Validation vulnerability
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
UBUNTU-CVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
Fixed in Apache Tomcat Native Connector 2.0.12 / 1.3.5
Moderate: Incomplete OCSP verification checks CVE-2026-24734 When using an OCSP responder, Tomcat Native did complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue was reported to the Tomcat security team on 2 November...
CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24734
CVE-2026-24734 is an Improper Input Validation vulnerability affecting Apache Tomcat Native and Apache Tomcat itself. When using an OCSP responder, Tomcat Native (and the Tomcat Native FFM port) may not perform verification or freshness checks on OCSP responses, potentially allowing certificate r...