Lucene search
+L

81 matches found

NVD
NVD
added yesterday7 views

CVE-2026-62220

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago38 views

CVE-2026-15542 will-moss Isaiah Websocket Connection Authentication main.go improper authentication

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

7.5CVSS0.00403EPSS
Exploits0References7
OSV
OSV
added 5 days ago4 views

CVE-2026-15542 will-moss Isaiah Websocket Connection Authentication main.go improper authentication

A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this iss...

6.9CVSS5.6AI score0.00403EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/07/08 6:55 a.m.7 views

CVE-2026-46726

A flaw was found in the Apache Camel Vertx Websocket component. This vulnerability allows an unauthenticated remote attacker to inject malicious query parameters into a WebSocket connection. This can lead to Server-Side Request Forgery SSRF, where the server is coerced into making requests to...

8.2CVSS6AI score0.00536EPSS
Exploits1References4
NVD
NVD
added 2026/06/25 10:17 p.m.11 views

CVE-2026-40702

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead t...

9.4CVSS0.00378EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:36 p.m.11 views

CVE-2026-9162

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

4.3CVSS5.9AI score0.00202EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51322

Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.17 Mattermost versions 11.5.x through 11.5.5 Mattermost versions 11.6.x through 11.6.2 Mattermost versions 11.7.x through 11.7.0 Description An issue exists where the system fails to invalidate cached...

4.3CVSS5.8AI score0.00202EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.28 views

PT-2026-50131

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.1 Rocket.Chat versions prior to 8.4.4 Rocket.Chat versions prior to 8.3.6 Rocket.Chat versions prior to 8.2.6 Rocket.Chat versions prior to 8.1.6 Rocket.Chat versions prior to 8.0.7 Rocket.Chat versions prior ...

7.5CVSS7.2AI score0.00723EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/06/11 3:34 p.m.7 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. CVE-2026-42498: WebSocket authentication header exposure bsc1265165...

8.7CVSS6.6AI score0.01339EPSS
Exploits2References28
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.13 views

CVE-2026-42498

A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials...

7.3CVSS7AI score0.00548EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 11:56 a.m.12 views

BIT-TOMCAT-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 2:22 p.m.17 views

SUSE CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

5.3CVSS5.8AI score0.00548EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: fro...

7.3CVSS7.1AI score0.00548EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/12 8:44 p.m.4 views

tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.

A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials...

7.3CVSS6.8AI score0.00548EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 4:16 p.m.6 views

DEBIAN-CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 3:17 p.m.9 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

5.8AI score0.00548EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 3:17 p.m.58 views

CVE-2026-42498

CVE-2026-42498 affects Apache Tomcat across multiple branches (7.0.83–7.0.109, 8.5.24–8.5.100, 9.0.2–9.0.117, 10.1.0-M1–10.1.54, 11.0.0-M1–11.0.21). Root cause: exposure of the HTTP Authentication header to unintended hosts during WebSocket authentication, enabling header leakage when a WebSocket...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/12 3:17 p.m.2 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS7AI score0.00548EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 3:17 p.m.72 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

0.00548EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Apache Tomcat 信息泄露漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Apache Tomcat has a vulnerability related to information leakage, which stems from exposing HTTP authentication headers to...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References1
Rows per page
Query Builder