777 matches found
Oracle Linux 9 : tomcat (ELSA-2026-26323)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26323 advisory. - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering...
EUVD-2026-38824
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...
Security Bulletin: Vulnerabilities found in Watson Data Intelligence
Summary Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...
CVE-2026-52956
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Do not allow journal inode to have the encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Therefore, dereferencing req-iv after its return is invalid...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23, and 7.4.x below 7.4.11, when AES-CCM mode is used with the opensslencrypt function and a 12-byte IV is provided, only the first 7 bytes of the IV are actually used. This can result in reduced security and incorrect encrypted data...
CVE-2026-50892
Incorrect access control in the "Let's Encrypt" certificate download endpoint of Nginx Proxy Manager v2.14.0 allows authenticated attackers to obtain the TLS private key material via a crafted GET request...
CVE-2026-50892
CVE-2026-50892 affects Nginx Proxy Manager v2.14.0. The root cause is improper access control on the Let’s Encrypt certificate download endpoint, allowing authenticated attackers to obtain TLS private key material via a crafted GET request. The impact is limited to confidentiality, with the CVSS ...
Malicious code in typeorm-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...
MAL-2026-5633 Malicious code in typeorm-encrypt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a56a819a1e640411db5e485054b23282d0d04f847270ea17c605cbfa6e6ab5ac The published tarball contains lib/lib.min.js, a heavily obfuscated file that stashes Node intrinsics on globals global'r'=require; global'm'=module;...
CVE-2026-25861 QloApps 1.7.0 Weak Password Hashing via MD5 in Tools.php
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...
CVE-2026-25861
QloApps through 1.7.0, fixed in commit 64e9722, contains a weak cryptographic algorithm vulnerability that allows attackers to compromise user credentials by exploiting the use of MD5 for password hashing in the Tools::encrypt function within classes/Tools.php, which concatenates a static cookie...
PT-2026-45872
Name of the Vulnerable Software and Affected Versions QloApps versions prior to 1.7.0 commit 64e9722 Description The software uses a weak cryptographic algorithm for password hashing. Specifically, the encrypt function in classes/Tools.php utilizes MD5, concatenating a static cookie key with the...
CVE-2026-10179
A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...
CVE-2026-43492
A flaw was found in the Linux kernel. A local user could trigger an integer underflow in the mpireadrawfromsgl function within the lib/crypto: mpi component. This occurs when invoking a KEYCTLPKEYENCRYPT system call with a larger output length than input length and providing a zero-filled input...
GHSA-HC3C-63HC-2R9F libcrux: Potential Panic on Overlong Ciphertext Buffer
An application that passes in a ciphertext buffer of length greater than ptxt.len + TAGLEN to libcruxchacha20poly1305::encrypt or libcruxchacha20poly1305::xchacha20poly1305::encrypt would experience a panic. Impact An application where the length of the ciphertext buffer is under attacker control...
PT-2026-41874
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer underflow exists in the mpi read raw from sgl function. This occurs when the number of leading zeros in a scatterlist exceeds the nbytes parameter, causing an underflow during...