Lucene search
+L

26 matches found

CVE
CVE
added 2026/06/30 3:54 p.m.20 views

CVE-2026-58171

CVE-2026-58171 affects Vibe-Trading prior to 0.1.10. The swarm run directory is built by naïvely joining a caller-supplied run identifier to the base runs directory in agent/src/swarm/store.py, with no validation. A crafted run identifier via MCP swarm tools enables path traversal to read arbitra...

4.2CVSS5.9AI score0.00253EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/06/29 12:0 a.m.9 views

tomcat security update

1:9.0.117-1 - Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering component exposed the Kubernet...

9.6CVSS7.2AI score0.21691EPSS
Exploits9
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:29 p.m.4 views

Security Bulletin: Vulnerabilities found in Watson Data Intelligence

Summary Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...

9.8CVSS6.6AI score0.0504EPSS
Exploits3Affected Software1
F5 Networks
F5 Networks
added 2026/06/05 3:41 p.m.20 views

K000161597: Apache Tomcat vulnerability CVE-2026-34483

Security Advisory Description Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade...

7.5CVSS7.1AI score0.00461EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/27 7:16 p.m.16 views

CVE-2026-44635

Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled input flows into eb.refcol, '-$'.keyinput or .atinput — including type-safe code where the JSON column ...

7.5CVSS0.00362EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.14 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00461EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103708 advisory. - This Improper Encoding or Escaping of Output vulnerability allows an unauthenticated attacker to potentially disclose sensitive information via t...

7.5CVSS7.1AI score0.00461EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/05/06 4:29 p.m.26 views

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...

7.5CVSS5.8AI score0.00461EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.33 views

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.00461EPSS
Exploits0
OSV
OSV
added 2026/04/24 11:47 a.m.5 views

SUSE-SU-2026:1603-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks...

9.1CVSS5.4AI score0.21691EPSS
Exploits8References21
OSV
OSV
added 2026/04/22 11:7 a.m.6 views

SUSE-SU-2026:21378-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OCSP checks sometimes soft-fail...

9.1CVSS7.4AI score0.21691EPSS
Exploits8References21
OSV
OSV
added 2026/04/21 11:42 a.m.6 views

SUSE-SU-2026:21366-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: - Update to Tomcat 11.0.21 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. - CVE-2026-29129: TLS cipher order is not preserved bsc1261852. - CVE-2026-29145: OC...

9.1CVSS7.4AI score0.21691EPSS
Exploits8References21
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Apache Tomcat 9.0.92 < 9.0.117 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.117. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.117security-9 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin...

7.5CVSS6AI score0.21691EPSS
Exploits6References9
OSV
OSV
added 2026/04/13 10:19 a.m.2 views

BIT-TOMCAT-2026-34483 Apache Tomcat: Incomplete escaping of JSON access logs

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32442

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.5 views

SUSE CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

4.8CVSS5.8AI score0.00461EPSS
Exploits0References10
OSV
OSV
added 2026/04/09 9:31 p.m.8 views

GHSA-RV64-5GF8-9QQ8 Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 7:30 p.m.3 views

CVE-2026-34483 Apache Tomcat: Incomplete escaping of JSON access logs

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

5.8AI score0.00461EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:30 p.m.2 views

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

5.8AI score0.00461EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/09 7:30 p.m.50 views

CVE-2026-34483

CVE-2026-34483 is an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. Affected versions: Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. Exploitation concerns are not detailed in the provided docum...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder