CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVE-2026-55276

The CVE-2026-55276 issue is an Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat where the effective web.xml could be logged without including special roles and empty authorisation constraints. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.0-...

CVE-2014-8115

The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors...

Workbench: Insufficient authorization constraints

It was discovered that the default authorization constrains applied on servelets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...