Lucene search
K

926 matches found

Nuclei
Nuclei
added 14 hours ago37 views

Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

5.8CVSS7.1AI score0.01656EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-50734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker c...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-53917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:16 a.m.14 views

CVE-2026-52760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS0.00563EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 a.m.8 views

CVE-2026-49877

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS0.0051EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.2 views

UBUNTU-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:16 a.m.2 views

UBUNTU-CVE-2026-53917

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Apache Tomcat 10.1.0.M1 < 10.1.39

The version of Tomcat installed on the remote host is prior to 10.1.39. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.39security-10 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6AI score0.00462EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

9.1CVSS0.00368EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 9:16 p.m.15 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

7.3CVSS0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 9:16 p.m.4 views

UBUNTU-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00423EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 9:16 p.m.2 views

UBUNTU-CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS5.7AI score0.0028EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 8:47 p.m.38 views

CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

0.00462EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/29 8:47 p.m.7 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/29 8:44 p.m.31 views

CVE-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

0.0028EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/29 8:42 p.m.5 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS5.7AI score0.00368EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/29 8:36 p.m.33 views

CVE-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

0.00423EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 8:36 p.m.49 views

CVE-2026-50229

CVE-2026-50229 describes an XSS flaw in the Apache Tomcat “number guess” example. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.0.M1–9.0.118, 8.5.0–8.5.100, and 7.0.0–7.0.109. The root cause is improper neutralization of script-related HTML tags in that example web pa...

6.1CVSS5.7AI score0.00423EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-514 Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

9CVSS5.9AI score0.00895EPSS
Exploits0References6
Rows per page
Query Builder