Lucene search
+L

18 matches found

osv
osv
added last week15 views

ROOT-APP-MAVEN-CVE-2026-29145 CVE-2026-29145 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Root has patched CVE-2026-29145 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.00715EPSS
Exploits2
nessus
nessus
added 2026/05/26 12:0 a.m.41 views

Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103709)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103709 advisory. - This BASM Broken Authentication & Session Management vulnerability allows an unauthenticated attacker to perform actions as another user which ha...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References2
wolfi
wolfi
added 2026/05/16 1:48 a.m.24 views

CVE-2026-29145 vulnerabilities

Vulnerabilities for packages: thingsboard...

9.1CVSS5.8AI score0.00715EPSS
Exploits2
nessus
nessus
added 2026/04/30 12:0 a.m.18 views

Amazon Linux 2023 : tomcat-native (ALAS2023-2026-1595)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1595 advisory. CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References4
suse
suse
added 2026/04/24 11:48 a.m.6 views

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS5.6AI score0.0504EPSS
Exploits1References40
suse
suse
added 2026/04/24 11:47 a.m.7 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS5.6AI score0.21691EPSS
Exploits6References40
suse
suse
added 2026/04/23 3:52 p.m.10 views

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS7.4AI score0.21691EPSS
Exploits8References40
osv
osv
added 2026/04/23 3:52 p.m.7 views

SUSE-SU-2026:1572-1 Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...

9.1CVSS8.5AI score0.21691EPSS
Exploits8References21
opensuse
opensuse
added 2026/04/23 12:0 a.m.13 views

Security update for tomcat10 (important)

openSUSE security update: security update for tomcat10 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20612-1 Rating: important References: bsc1258371 bsc1261850 bsc1261851 bsc1261852 bsc1261853 bsc1261854 bsc1261855 bsc1261856 bsc1261857...

8.7CVSS7.4AI score0.21691EPSS
Exploits6References9
osv
osv
added 2026/04/21 11:43 a.m.16 views

OPENSUSE-SU-2026:20595-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.21691EPSS
Exploits8References20
opensuse
opensuse
added 2026/04/15 12:0 a.m.7 views

tomcat11-11.0.21-1.1 on GA media (moderate)

tomcat11-11.0.21-1.1 on GA media Announcement ID: openSUSE-SU-2026:10549-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4....

8.7CVSS6.8AI score0.21691EPSS
Exploits8
opensuse
opensuse
added 2026/04/15 12:0 a.m.5 views

tomcat-9.0.117-1.1 on GA media (moderate)

tomcat-9.0.117-1.1 on GA media Announcement ID: openSUSE-SU-2026:10547-1 Rating: moderate Cross-References: CVE-2026-24880 CVE-2026-25854 CVE-2026-29129 CVE-2026-29145 CVE-2026-29146 CVE-2026-32990 CVE-2026-34483 CVE-2026-34486 CVE-2026-34487 CVE-2026-34500 CVSS scores: CVE-2026-24880 SUSE : 4.8...

8.7CVSS5.8AI score0.21691EPSS
Exploits8
vulnersosv
vulnersosv
added 2026/04/09 9:31 p.m.7 views

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-29145 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-29145 Source advisory: OSV:GHSA-95JQ-RWVF-VJX4...

9.1CVSS5.4AI score0.00715EPSS
Exploits2
ubuntucve
ubuntucve
added 2026/04/09 8:16 p.m.6 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References3
debiancve
debiancve
added 2026/04/09 7:20 p.m.5 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.3AI score0.00715EPSS
Exploits2
tomcat
tomcat
added 2026/04/09 7:20 p.m.8 views

Fixed in Apache Tomcat Native Connector 2.0.14 / 1.3.7

Moderate: OCSP checks sometimes soft-fail even when soft-fail is disabled CVE-2026-29145 CLIENTCERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. This was fixed with commit bcea0ac2 2.0.x and 204f7f8a 1.3.x. This issue was reported to the Tomc...

9.1CVSS5.8AI score0.00715EPSS
Exploits2Affected Software1
attackerkb
attackerkb
added 2026/04/09 7:20 p.m.6 views

CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

5.8AI score0.00715EPSS
Exploits2References2Affected Software2
vulnersosv
vulnersosv
added 2026/04/08 9:0 p.m.8 views

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-29145 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-29145 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15989807...

9.1CVSS5.8AI score0.00715EPSS
Exploits2
Rows per page
Query Builder