Lucene search

7 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 20 views

Astra Linux - vulnerability in tomcat9

Path Equivalence: The use of ‘file.Name’ internal dot notation can lead to Remote Code Execution, information disclosure, or the addition of malicious content to uploaded files via the write-enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat versions from 11.0.0-M1...

10 CVSS, 7.7 AI score, 0.9413 EPSS
Exploits 44, References 2
RedHat Linux
added 2025/05/13 4:2 p.m., 7 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

10 CVSS, 7.8 AI score, 0.9413 EPSS
Exploits 44, References 6
GithubExploit
added 2025/03/20 10:52 p.m., 472 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813: Apache 1. Explanation Tomcat is vulnerabl...

9.8 CVSS, 9 AI score, 0.9413 EPSS
Exploits 44
Hacker One
added 2025/03/11 2:42 p.m., 580 views

Internet Bug Bounty: CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

The Apache Tomcat vulnerability CVE-2025-24813 allowed remote code execution and information disclosure. The vulnerability was caused by a combination of features, including writes enabled for the default servlet, support for partial PUT requests, and the use of Tomcat's file-based session...

10 CVSS, 7.5 AI score, 0.9413 EPSS
Exploits 44
ATTACKERKB
added 2025/03/10 12:0 a.m., 20 views

CVE-2025-24813

Path Equivalence: ‘file.Name’ Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

10 CVSS, 9.6 AI score, 0.9413 EPSS
In wild, Exploits 44, References 3
Tenable Nessus
added 2015/06/22 12:0 a.m., 14 views

FreeBSD : p5-Dancer -- possible to abuse session cookie values (968d1e74-1740-11e5-a643-40a8f0757fb4)

Russell Jenkins reports : It was possible to abuse session cookie values so that file-based session stores such as Dancer::Session::YAML or Dancer2::Session::YAML would attempt to read/write from any file on the filesystem with the same extension the file-based store uses, such as '.yml' for the...

5.5 AI score
Exploits 0, References 2
Tenable Nessus
added 2013/05/23 12:0 a.m., 30 views

Debian DSA-2670-1 : request-tracker3.8 - several vulnerabilities

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-3368 The rt command line tool uses semi-predictable temporary files. A malicious user can...

6.8 CVSS, 7.7 AI score, 0.0113 EPSS
Exploits 0, References 16