Lucene search
+L

2699 matches found

Apache Tomcat
Apache Tomcat
added 2026/06/23 12:0 a.m.10 views

Fixed in Apache Tomcat 9.0.119

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit a0374c45. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/06/22 12:0 a.m.7 views

Fixed in Apache Tomcat 10.1.56

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 9c3b1efb. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2026/06/22 12:0 a.m.6 views

Fixed in Apache Tomcat 11.0.23

Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 3f6bd2ba. This issue was reported to the Tomc...

9.1CVSS6.1AI score0.02569EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/12 8:43 a.m.6 views

BIT-JENKINS-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.3AI score0.00239EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 8:19 a.m.10 views

Security Bulletin: The IBM Common Licensing product using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

7.6CVSS5.1AI score0.0039EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Reflected XSS (3723655)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 2:16 p.m.2 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 1:6 p.m.6 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

5.2AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 1:6 p.m.47 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 1:6 p.m.27 views

CVE-2026-53440

Technical details are not publicly available in the provided documents. Monitor for updates.

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/10 1:6 p.m.12 views

EUVD-2026-36024

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.13 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48425

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description The "Delegate to servlet container" security realm fails to validate that the from parameter is a safe destination for redirection after login. This allows...

4.3CVSS5.2AI score0.00239EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 1:16 a.m.14 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 12:20 a.m.12 views

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 12:20 a.m.13 views

EUVD-2026-35282

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 12:20 a.m.43 views

CVE-2026-44746 Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS Java (JDBC Test Servlet)

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47533

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 10:16 a.m.22 views

CVE-2026-11502

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of...

3.1CVSS0.0025EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 1:13 p.m.11 views

CVE-2026-41293

Apache Tomcat did not validate HTTP/2 request headers, triggering unexpected application behavior, as applications may presume that header values exposed through the Servlet API would be valid...

9.8CVSS5.4AI score0.01339EPSS
Exploits0References4
Rows per page
Query Builder