57139 matches found
MAL-2026-6873 Malicious code in router-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f60a60e68f645bffe7eb5e137979aa6fb6c535c53ee6e13a9fcf01951eb05b55 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...
BIT-TOMCAT-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks
Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, from...
BIT-TOMCAT-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...
BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...
BIT-TOMCAT-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...
BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
EUVD-2026-41890
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48316 ColdFusion | Improper Input Validation (CWE-20)
ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...
Security Bulletin: IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables (CVE-2025-36372)
Summary IBM® Db2® could disclose sensitive information such as access keys to an authenticated user from the monitoring and event tables. CVE-2025-36372 Vulnerability Details CVEID:CVE-2025-36372 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
CVE-2026-13708
Imager::File::JPEG versions before 1.003 for Perl leak heap memory when reading a JPEG with repeated APP13 markers in ireadjpegwiol. ireadjpegwiol walks the marker list libjpeg returns and, for each APP13 marker, allocates a new buffer with iptcitext = mymalloc... and overwrites the previous...
CVE-2026-46587
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
CVE-2026-46588
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
EUVD-2026-41866
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
CVE-2026-46587
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
EUVD-2026-41865
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
CVE-2026-49042
CVE-2026-49042 : This is an Improper Input Validation vulnerability in Apache Camel affecting 4.8.0–4.18.2 and 4.19.0–4.20.0. The issue’s root cause is input validation weaknesses. Fixed in Camel releases 4.18.3 and 4.21.0. CVSSv3.1 base score 7.3 (HIGH) with NETWORK attack vector, NO privileges,...
EUVD-2026-41864
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...