Lucene search
+L

206 matches found

nuclei
nuclei
added yesterday4 views

Apache Tomcat - Cross-Site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS6.1AI score0.02569EPSS
Exploits1References4
osv
osv
added 2026/07/06 4:18 p.m.4 views

BIT-TOMCAT-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0...

6.1CVSS5.9AI score0.02569EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/06/30 3:1 a.m.11 views

CVE-2026-50229

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting XSS, allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to...

6.1CVSS5.8AI score0.02569EPSS
Exploits1References4
snyk
snyk
added 2026/06/29 10:23 p.m.4 views

Cross-site Scripting (XSS)

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the number guess process. An attacker can execute arbitrary...

6.1CVSS6.2AI score0.02569EPSS
Exploits1References2
nvd
nvd
added 2026/06/29 9:16 p.m.9 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS0.02569EPSS
Exploits1References2
osv
osv
added 2026/06/29 9:16 p.m.10 views

DEBIAN-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.02569EPSS
Exploits1References1
osv
osv
added 2026/06/29 9:16 p.m.9 views

UBUNTU-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.02569EPSS
Exploits1References8
osv
osv
added 2026/06/29 8:36 p.m.1 views

CVE-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.9AI score0.02569EPSS
Exploits1References4
cvelist
cvelist
added 2026/06/29 8:36 p.m.51 views

CVE-2026-50229 Apache Tomcat: XSS in number guess example

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

0.02569EPSS
Exploits1References1
debiancve
debiancve
added 2026/06/29 8:36 p.m.7 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.02569EPSS
Exploits1
cve
cve
added 2026/06/29 8:36 p.m.127 views

CVE-2026-50229

CVE-2026-50229 describes an XSS flaw in the Apache Tomcat “number guess” example. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.0.M1–9.0.118, 8.5.0–8.5.100, and 7.0.0–7.0.109. The root cause is improper neutralization of script-related HTML tags in that example web pa...

6.1CVSS5.7AI score0.02569EPSS
Exploits1References2Affected Software1
redhat
redhat
added 2026/06/29 9:2 a.m.2 views

tomcat: Apache Tomcat: Cross-Site Scripting vulnerability in number guess example

A flaw was found in Apache Tomcat. This vulnerability, known as Cross-Site Scripting XSS, allows a remote attacker to inject malicious scripts into the 'number guess example' web page. When other users view the compromised page, these scripts can execute in their web browsers. This could lead to...

6.1CVSS6.1AI score0.02569EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.15 views

PT-2026-53740

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...

6.1CVSS5.8AI score0.02569EPSS
Exploits1References43
cve
cve
added 2026/06/12 1:19 p.m.20 views

CVE-2017-20240

CVE-2017-20240 affects Crypt::PBKDF2 for Perl, with versions before 0.261630 vulnerable to timing attacks due to using Perl’s built-in eq comparison. Discrepancies in timing could reveal information about the derived key. Affected software: Crypt::PBKDF2 prior to 0.261630. Root cause: insecure eq...

5.9CVSS5.3AI score0.00319EPSS
Exploits0References4
hackerone
hackerone
added 2026/05/20 7:43 p.m.36 views

curl: Heap-OOB read in urlapi `redirect_url()` via `CURLU_GUESS_SCHEME` + `CURLU_NO_GUESS_SCHEME` flow

Hi all, We've found an issue in lib/urlapi.c where redirecturl reads past the end of a heap buffer when the source URL it operates on lacks a "scheme://" prefix. This is reachable through documented public APIs curlurlset when the caller mixes CURLUGUESSSCHEME with a subsequent CURLUNOGUESSSCHEME...

5.9AI score
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, and 8.2. before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failures. It used a narrower range of values than necessary. In the event of a random value generator failure, it could lead to...

4.3CVSS6.1AI score0.00709EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/24 12:0 a.m.3 views

CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

4CVSS5.2AI score0.00161EPSS
Exploits0References5
cnnvd
cnnvd
added 2026/04/10 12:0 a.m.10 views

Chamilo LMS 安全特征问题漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

7.5CVSS5.9AI score0.00288EPSS
Exploits0References3
euvd
euvd
added 2026/03/28 9:33 p.m.6 views

EUVD-2025-209114

Amon2 versions before 6.17 for Perl use an insecure randomstring implementation for security functions. In versions 6.06 through 6.16, the randomstring function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 has...

5.8AI score0.00521EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/04 12:0 a.m.13 views

PT-2026-23006

Craft is a content management system CMS. Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pendin...

6.9CVSS6AI score0.00273EPSS
Exploits0References3
Rows per page
Query Builder