38 matches found

NVD
added 6 days ago, 8 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1, EPSS 0.00368
Exploits: 0, References: 2

OSV
added 6 days ago, 4 views

DEBIAN-CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 9.1, AI score 5.7, EPSS 0.00368
Exploits: 0, References: 1

Cvelist
added 6 days ago, 29 views

CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00368
Exploits: 0, References: 1

CVE
added 6 days ago, 37 views

CVE-2026-55276

Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...

CVSS 9.1, AI score 5.7, EPSS 0.00368
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 6 days ago, 5 views

PT-2026-53743

Name of the Vulnerable Software and Affected Versions:
Apache Tomcat versions 11.0.0-M1 through 11.0.22
Apache Tomcat versions 10.1.0-M1 through 10.1.55
Apache Tomcat versions 9.0.0.M1 through 9.0.118
Apache Tomcat versions 8.5.0 through 8.5.100
Description:
An always-incorrect control flow...

CVSS 9.1, AI score 5.7, EPSS 0.00368
Exploits: 0, References: 6

GithubExploit
added 2026/05/09 5:48 p.m., 107 views

Exploit for CVE-2020-1938

Ghostcat - CVE-2020-1938 Exploit. Reads Tomcat files via AJP...

CVSS 9.8, AI score 7, EPSS 0.9927
Exploits: 45

GithubExploit
added 2026/05/06 7:21 a.m., 105 views

Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite

CVE-2025-68645 - Zimbra Path Traversal Vulnerability !Secur...

CVSS 8.8, AI score 6.1, EPSS 0.31769
Exploits: 5

GithubExploit
added 2026/04/11 2:21 p.m., 102 views

Exploit for CVE-2026-22557

CVE-2026-22557 -- UniFi Network Application Pre-Auth Path Trav...

CVSS 10, AI score 6, EPSS 0.15601
Exploits: 3

RedhatCVE
added 2025/10/29 12:11 a.m., 17 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

CVSS 7.5, AI score 6.8, EPSS 0.00339
Exploits: 0, References: 1

EUVD
added 2025/10/28 6:30 p.m., 7 views

EUVD-2025-36544

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

AI score 6.3, EPSS 0.00339
Exploits: 0, References: 5

NVD
added 2025/10/28 6:15 p.m., 10 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

CVSS 7.5, EPSS 0.00339
Exploits: 0, References: 4

CVE
added 2025/10/28 12:00 a.m., 21 views

CVE-2025-60805

CVE-2025-60805 affects BESSystem BES Application Server up to version 9.5.x. The issue arises from the pre-resource option in bes-web.xml, allowing unauthorized attackers to access sensitive information. Public documents consistently describe a data leakage risk via pre-resource, with remediation...

CVSS 7.5, AI score 6.4, EPSS 0.00339
Exploits: 0, References: 4

Vulnrichment
added 2025/10/28 12:00 a.m., 6 views

CVE-2025-60805

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...

AI score 6.4, EPSS 0.00339
Exploits: 0, References: 4

Positive Technologies
added 2025/10/28 12:00 a.m., 7 views

PT-2025-44196

Name of the Vulnerable Software and Affected Versions:
BESSystem BES Application Server versions through 9.5.x
Description:
An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file.
Recommendations...

CVSS 7.5, AI score 6.4, EPSS 0.00339
Exploits: 0, References: 8

GithubExploit
added 2025/09/28 1:11 a.m., 265 views

Exploit for CVE-2022-36537

CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...

CVSS 7.5, AI score 7.1, EPSS 0.95335
Exploits: 5

OSV
added 2022/11/21 11:15 p.m., 4 views

CVE-2022-44784

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...

CVSS 8.8, AI score 5.9, EPSS 0.00984
Exploits: 1, References: 1

RedHat Linux
added 2022/10/27 6:13 p.m., 2 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3, AI score 6.9, EPSS 0.7848
Exploits: 2, References: 4

CNNVD
added 2022/07/02 12:00 a.m., 5 views

ZOHO ManageEngine ServiceDesk Plus Path Traversal Vulnerability

ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management software suite from the US company ZOHO (ZhuoHao). The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management modules...

CVSS 7.5, AI score 7.3, EPSS 0.03375
Exploits: 0, References: 2

RedHat Linux
added 2021/11/23 10:34 a.m., 7 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3, AI score 6.9, EPSS 0.7848
Exploits: 2, References: 4

RedHat Linux
added 2021/10/18 5:45 p.m., 7 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

CVSS 5.3, AI score 6.9, EPSS 0.7848
Exploits: 2, References: 4