Lucene search
+L

7207 matches found

nuclei
nuclei
added yesterday68 views

Apache Tomcat Examples Web Application - Cross-Site Scripting

Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...

6.1CVSS6.8AI score0.06156EPSS
Exploits0References4
nuclei
nuclei
added yesterday50 views

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
nuclei
nuclei
added yesterday149 views

Apache Tomcat 4.x-7.x - Cross-Site Scripting

Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. id: CVE-2007-2449 info: name: Apache Tomcat 4.x-7.x - Cross-Site Scripting author:...

4.3CVSS6.3AI score0.77376EPSS
Exploits1References2
nuclei
nuclei
added yesterday16 views

Apache Tomcat Tribes EncryptInterceptor Bypass - Remote Code Execution

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. id: CVE-2026-34486 info: name: Apache Tomcat Tribes EncryptInterceptor Bypass - Remote...

7.5CVSS7AI score0.21691EPSS
Exploits6References3
nuclei
nuclei
added yesterday5 views

Apache Tomcat - Cross-Site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS6.1AI score0.02569EPSS
Exploits1References4
euvd
euvd
added 3 days ago5 views

EUVD-2026-43640

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-59084

CVE-2026-59084 affects Apache Tomcat across multiple branches (11.x, 10.x, 9.x, 8.x, 7.x) where EncryptInterceptor configuration requirements were not clearly documented, per NVD and related sources. Root cause: insufficient technical documentation for EncryptInterceptor configuration. Impact sta...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 3 days ago26 views

CVE-2026-59084 Apache Tomcat: EncryptInterceptor requirements not clearly documented

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from...

0.00368EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago26 views

CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

0.00376EPSS
Exploits0References1
redhat
redhat
added 4 days ago3 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7AI score0.21691EPSS
Exploits6References5
osv
osv
added 2026/07/09 12:5 p.m.3 views

ROOT-APP-MAVEN-CVE-2025-49125 CVE-2025-49125 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2025-49125 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.1AI score0.03163EPSS
Exploits0
redhat
redhat
added 2026/07/09 8:24 a.m.7 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/09 8:3 a.m.6 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
redhat
redhat
added 2026/07/08 10:3 p.m.4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
redhat
redhat
added 2026/07/08 10:3 p.m.6 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS7.2AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/08 9:46 p.m.6 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
redhat
redhat
added 2026/07/08 4:41 p.m.4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
redhat
redhat
added 2026/07/08 4:38 p.m.6 views

Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive Data due to EncryptInterceptor bypass

A flaw was found in Apache Tomcat. This vulnerability, categorized as Missing Encryption of Sensitive Data, arises from a bypass in the EncryptInterceptor, a component designed to ensure data encryption. This bypass, introduced as a fix for CVE-2026-29146, allows sensitive data to remain...

7.5CVSS6.1AI score0.21691EPSS
Exploits6References5
redhat
redhat
added 2026/07/08 4:38 p.m.4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
redhat
redhat
added 2026/07/08 4:38 p.m.4 views

Apache Tomcat: Apache Tomcat: Configured cipher preference order not preserved

A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure...

7.5CVSS6.1AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder