Lucene search
K

116 matches found

Vulnrichment
Vulnrichment
•added 2026/04/09 7:13 p.m.•3 views

CVE-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

5.8AI score0.00526EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/04/09 7:13 p.m.•7 views

CVE-2026-25854

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

5.8AI score0.00526EPSS
Exploits0References2Affected Software1
Snyk
Snyk
•added 2026/04/08 9:0 p.m.•3 views

Open Redirect

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining state, an attacker can redirect...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
Snyk
Snyk
•added 2026/04/08 9:0 p.m.•4 views

Open Redirect

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Open Redirect via the LoadBalancerDrainingValve.invoke function. When the LoadBalancerDrainingValve is in the disabled draining stat...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References2
HackRead
HackRead
•added 2026/03/25 12:14 p.m.•6 views

Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
•added 2026/03/23 12:0 a.m.•8 views

PT-2026-31697

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. Description An open redirect issue exists in Apache Tomcat due to a flaw in the LoadBalancerDrainingValve. This...

9.1CVSS5.8AI score0.15831EPSS
Exploits7References84
Positive Technologies
Positive Technologies
•added 2026/03/16 12:0 a.m.•8 views

PT-2026-36471

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The tcm loop target reset function violates the SCSI Error Handler EH contract by returning success without draining in-flight commands. This allows the SCSI EH to reuse scsi cmnd...

5.5CVSS6AI score0.00114EPSS
Exploits0References461
OSV
OSV
•added 2026/02/06 3:54 p.m.•4 views

OESA-2026-1289 python-urllib3 security update

HTTP library with thread-safe connection pooling, file post support, sanity friendly, and more. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming A...

8.9CVSS5.7AI score0.02667EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2025/12/31 12:0 a.m.•6 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993203 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sockrecvmsg when draining clc data When receiving clc msg, the fie...

7.5CVSS6.2AI score0.00737EPSS
Exploits0References4
UbuntuCve
UbuntuCve
•added 2025/12/30 1:15 p.m.•3 views

CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

5.7AI score0.00198EPSS
Exploits0References5
OSV
OSV
•added 2025/12/30 1:15 p.m.•10 views

UBUNTU-CVE-2022-50833

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

5.7AI score0.00198EPSS
Exploits0References6
Cvelist
Cvelist
•added 2025/12/30 12:10 p.m.•29 views

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

0.00198EPSS
Exploits0References3
OSV
OSV
•added 2025/12/30 12:10 p.m.•13 views

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev-workqueue when queuing hdev-cmd,ncmdtimer works syzbot is reporting attempt to schedule hdev-cmdwork work from systemwq WQ into hdev-workqueue WQ which is under draining operation 1, for commit c8efcc2589464ac...

6.2AI score0.00198EPSS
Exploits0References6
Positive Technologies
Positive Technologies
•added 2025/12/30 12:0 a.m.•7 views

PT-2025-53951

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to Bluetooth handling. Specifically, the scheduling of work items within the Bluetooth HCI Host Controller Interface subsystem was flawed. A...

7.8CVSS6.4AI score0.00465EPSS
Exploits2References843
SUSE CVE
SUSE CVE
•added 2025/12/25 12:24 a.m.•6 views

SUSE CVE-2025-68375

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix NULL event access and potential PEBS record loss When intelpmudrainpebsicl is called to drain PEBS records, the perfeventoverflow could be called to process the last PEBS record. While perfeventoverflow could trigge...

5.5CVSS6.4AI score0.00162EPSS
Exploits0References3
Cvelist
Cvelist
•added 2025/12/24 12:9 p.m.•28 views

CVE-2025-68748 drm/panthor: Fix UAF race between device unplug and FW event processing

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

0.00171EPSS
Exploits0References4
OSV
OSV
•added 2025/12/24 12:9 p.m.•3 views

CVE-2025-68748 drm/panthor: Fix UAF race between device unplug and FW event processing

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

6.2AI score0.00171EPSS
Exploits0References7
OSV
OSV
•added 2025/12/09 4:17 p.m.•3 views

UBUNTU-CVE-2025-40332

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svmrangerestorepages calls mmapreadunlock then returns. This causes deadlock and system...

5.7AI score0.00192EPSS
Exploits0References11
OSV
OSV
•added 2025/12/03 11:44 a.m.•2 views

BIT-NGINX-GATEWAY-2024-31079 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacke...

4.8CVSS6.8AI score0.00872EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
•added 2025/10/29 8:2 a.m.•6 views

RDMA/rxe: Fix race in do_task() when draining

...

6.6CVSS7AI score0.00183EPSS
Exploits0
Rows per page
Query Builder