Lucene search
K

264 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-34174

Name of the Vulnerable Software and Affected Versions frp versions 0.43.0 through 0.68.0 Description An authentication bypass exists in the HTTP vhost routing path when routeByHTTPUser is utilized for access control. In proxy-style requests, the routing logic selects the routeByHTTPUser backend...

9.1CVSS5.9AI score0.00269EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2026/03/26 9:46 a.m.3 views

Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: CVE-2025-48989: HTTP/2 protocol including DNS over HTTPS is vulnerable to "MadeYouReset" DoS attack bsc1243895. CVE-2025-52434: race condition on connection close when using the APR/Native connector could lead to a JVM...

10CVSS7AI score0.99999EPSS
Exploits108References100
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.10 views

aaPanel 安全漏洞

aaPanel is a simple yet powerful web-based control panel developed under the open source license. Version 7.57.0 of aaPanel contains a security vulnerability, which stems from a regular expression denial-of-service issue in the VirtualHost configuration processing/parser component...

7.5CVSS5.8AI score0.00337EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.30 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

0.00337EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 12:0 a.m.4 views

CVE-2026-29856

An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service ReDoS via a crafted input...

7.5CVSS5.9AI score0.00337EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2016-10827

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

6.1CVSS5.9AI score0.00236EPSS
Exploits2References4
NVD
NVD
added 2026/03/16 2:17 p.m.4 views

CVE-2016-20036

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like...

6.1CVSS0.00236EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1342)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

8.2CVSS5.9AI score0.00505EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/03/12 5:39 a.m.13 views

Security update for tomcat11

This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...

8.7CVSS7.1AI score0.00498EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fixed the check on the return value of copytoiter. The return value of copytoiter cannot be negative; instead of checking for negative values, we should check whether the copied length is equal to the requested...

6AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 6:48 p.m.8 views

CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

7.6CVSS6.7AI score0.00235EPSS
Exploits0References3
CVE
CVE
added 2026/02/17 6:48 p.m.101 views

CVE-2025-66614

CVE-2025-66614 is an improper input validation issue in Apache Tomcat. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112, with older EOL versions (8.5.0–8.5.100) also listed as affected. The root cause is failure to verify...

9.1CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2026/02/15 1:29 a.m.7 views

[SECURITY] Fedora 42 Update: nginx-mod-vts-0.2.4-6.fc42

Nginx virtual host traffic status module...

8.2CVSS5.4AI score0.00339EPSS
Exploits0
Fedora
Fedora
added 2026/02/15 1:13 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-mod-vts-0.2.4-6.fc43

Nginx virtual host traffic status module...

8.2CVSS5.4AI score0.00339EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/12 7:52 p.m.24 views

CVE-2026-25768 LavinMQ is missing vhost access control

LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should not have access to. This vulnerability is fixed in 2.6.6...

7.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/29 12:0 a.m.29 views

CVE-2025-63653

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

0.01043EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.7 views

SUSE SLES15: cluster-md-kmp-64kb / cluster-md-kmp-default / dlm-kmp-64kb / etc (SUSE-SU-2026:0293-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0293-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were...

7.8CVSS6.7AI score0.00319EPSS
Exploits0References1026
SUSE Linux
SUSE Linux
added 2026/01/26 11:37 a.m.5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39890:...

8.7CVSS7.1AI score0.00319EPSS
Exploits0References1434
OSV
OSV
added 2026/01/26 11:36 a.m.1 views

SUSE-SU-2026:0293-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. -...

7.8CVSS6.4AI score0.00319EPSS
Exploits0References692
RedHat Linux
RedHat Linux
added 2026/01/21 12:55 p.m.4 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00505EPSS
Exploits0References5
Rows per page
Query Builder