22 matches found
K000161597: Apache Tomcat vulnerability CVE-2026-34483
Security Advisory Description Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade...
CVE-2026-44635
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...
Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103708 advisory. - This Improper Encoding or Escaping of Output vulnerability allows an unauthenticated attacker to potentially disclose sensitive information via t...
Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...
Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center
This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
SUSE-SU-2026:1603-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...
SUSE-SU-2026:21378-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...
SUSE-SU-2026:21366-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...
Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.117security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...
BIT-TOMCAT-2026-34483 Apache Tomcat: Incomplete escaping of JSON access logs
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...
PT-2026-32442
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...
SUSE CVE-2026-34483
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
GHSA-RV64-5GF8-9QQ8 Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
CVE-2026-34483 Apache Tomcat: Incomplete escaping of JSON access logs
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
CVE-2026-34483
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
CVE-2026-34483
CVE-2026-34483 is an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. Affected versions: Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. Exploitation concerns are not detailed in the provided docum...
PT-2026-31711
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116 Description A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output...
CVE-2026-34214 Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2023-38337
rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI or Swagger specification file of a project...