37 matches found
tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...
Apache Tomcat: Apache Tomcat: Incorrect control flow in rewrite valve allows unexpected rule processing
A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...
tomcat: Apache Tomcat: Misleading security logs due to incorrect control flow
A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...
Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449
Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...
PT-2026-33714
Name of the Vulnerable Software and Affected Versions lm-sys fastchat versions prior to 0.2.37 Description Remote Code Execution is possible in the Arena Side-by-Side View Handler component via the add text function. Manipulation of this function results in incorrect control flow, allowing an...
ROS-20260414-73-0025
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260414-73-0028
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260414-73-0010
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260414-73-0009
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260414-73-0008
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
Always-Incorrect Control Flow Implementation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation via the onboarding process. An attacker can obtain gateway credentials by leveraging a scenario where a previously discovered endpoint persist...
@tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
GHSA-VPQ2-C234-7XJ6 @tootallnate/once vulnerable to Incorrect Control Flow Scoping
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
CVE-2026-3449
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This...
PT-2026-22719
Name of the Vulnerable Software and Affected Versions @tootallnate/once versions prior to 3.0.1 Description The package @tootallnate/once versions prior to 3.0.1 are susceptible to an issue with incorrect control flow scoping in promise resolving when the AbortSignal option is utilized. When the...
Incorrect Control Flow Scoping
Overview Affected versions of this package are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then usage to hang indefinitely. This can cause a...
ROS-20260128-73-0052
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260128-73-0040
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260128-73-0041
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...
ROS-20260112-7301
Vulnerability in kernel-lt related to implementation of incorrect control flow. Exploitation of the vulnerability may allow an attacker to cause a denial of service...