
13 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 11 views

Astra Linux – Vulnerability in Tomcat9

There is an incomplete cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from version 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80, and from 8.5.0 through 8.5.93, an error may cause Tomcat to skip certain...

CVSS 5.3 · AI score 7.1 · EPSS 0.0216
Exploits: 1 · References: 2
Github Security Blog
added 2026/05/07 6:31 a.m. · 12 views

Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. - Spring Cloud Config 3.0.x: affected from 3.0.0 through 3.0.7 inclusive; no open-source upgrade available. -...

CVSS 8.1 · AI score 5.2 · EPSS 0.0022
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2026/05/07 3:51 a.m. · 23 views

CVE-2026-41004

CVE-2026-41004 affects Spring Cloud Config Server when trace logging is enabled, exposing sensitive information in plain text in logs. All affected branches and versions include: Spring Cloud Config 3.1.x (3.1.0–3.1.13) with upgrade to 3.1.14+; 4.1.x (4.1.0–4.1.9) upgrade to 4.1.10+; 4.2.x (4...

CVSS 4.4 · AI score 5.8 · EPSS 0.00168
Exploits: 0 · References: 1 · Affected Software: 1
AstraLinux
added 2026/05/03 11:59 p.m. · 5 views

Astra Linux – Vulnerability in Tomcat9

Occasional URL redirection to untrusted sites is a vulnerability in Apache Tomcat, caused by the LoadBalancerDrainingValve. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. Other,...

CVSS 6.1 · AI score 5.3 · EPSS 0.00526
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/12 12:00 a.m. · 6 views

PT-2026-25067

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 7.24.0. Description: This is an uncontrolled resource consumption issue that can lead to a Denial of Service (DoS). When the interceptors.deduplicate function is enabled in vulnerable versions, response data for deduplicat...

CVSS 5.9 · AI score 7.1 · EPSS 0.00566
Exploits: 0 · References: 241
Atlassian
added 2026/01/08 10:27 p.m. · 17 views

Injection sha.js Dependency in Jira Software Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center and Server. This Injection vulnerability, with a CVSS Score of 9.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, allows an...

CVSS 9.1 · AI score 6.5 · EPSS 0.00651
Exploits: 2
IBM Security Bulletins
added 2025/09/05 10:59 a.m. · 6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

CVSS 7.5 · AI score 8.7 · EPSS 0.00399
Exploits: 0 · Affected Software: 11
RedhatCVE
added 2025/05/23 5:31 a.m. · 4 views

CVE-2023-29002

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the cilium-secrets namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug...

CVSS 7.2 · AI score 6.3 · EPSS 0.00197
Exploits: 0 · References: 1
Amazon
added 2025/04/01 12:00 a.m. · 8 views

Important: tomcat

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

CVSS 10 · AI score 7.9 · EPSS 0.99945
Exploits: 46
Amazon
added 2025/01/24 12:00 a.m. · 2 views

Medium: git

Issue Overview: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e., without using any credential helper), it prints out the ho...

CVSS 9.3 · AI score 6.9 · EPSS 0.10047
Exploits: 2
Positive Technologies
added 2024/07/03 12:00 a.m. · 3 views

PT-2024-37347 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p8; Checkmk versions prior to 2.2.0p29; Checkmk versions prior to 2.1.0p45; Checkmk version 2.0.0. Description: The issue allows users to execute arbitrary scripts by injecting HTML elements, which can lead to the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00389
Exploits: 0 · References: 10
OSV
added 2023/12/15 11:06 a.m. · 3 views

OESA-2023-1925 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request...

CVSS 8.8 · AI score 7.3 · EPSS 0.8581
Exploits: 2 · References: 2
OSV
added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-23690

A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version of AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further...

CVSS 5.3 · AI score 5.8 · EPSS 0.00705
Exploits: 0 · References: 1