Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Friends Of PHP
Friends Of PHPadded 2026/05/20 8:0 a.m.7 views

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHPadded 2026/05/20 8:0 a.m.7 views

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

5.8AI score0.00052EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linuxadded 2026/04/30 2:2 p.m.9 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

6.5CVSS7.2AI score0.0053EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/03/30 12:0 a.m.16 views

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1496)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1496 advisory. mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions...

9.1CVSS7AI score0.0053EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/03/20 4:37 a.m.1 views

CVE-2026-33011 Nest Fastify HEAD Request Middleware Bypass

Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using @nestjs/platform-fastify GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers if they exist. As a...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/20 4:37 a.m.23 views

CVE-2026-33011 Nest Fastify HEAD Request Middleware Bypass

Nest is a framework for building scalable Node.js server-side applications. In versions 11.1.15 and below, a NestJS application using @nestjs/platform-fastify GET middleware can be bypassed because Fastify automatically redirects HEAD requests to the corresponding GET handlers if they exist. As a...

8.7CVSS0.00346EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/02/17 6:50 p.m.2 views

CVE-2026-24733 Apache Tomcat: Security constraint bypass with HTTP/0.9

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

5.8AI score0.0053EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/17 6:50 p.m.1 views

CVE-2026-24733

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a specification inval...

5.5AI score0.0053EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder