Lucene search
K

15 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-42622

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.3AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Oracle Linux 9 : tomcat (ELSA-2026-26323)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26323 advisory. - Resolves: Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 - Resolves: Tomcat: Cloud membership for clustering...

9.1CVSS7.3AI score0.15831EPSS
Exploits7References2
EUVD
EUVD
added 2026/06/22 12:31 p.m.8 views

EUVD-2026-38229

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

8.7CVSS6.6AI score0.00383EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.8 views

SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:1603-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1603-1 advisory. Security fixes: - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

9.1CVSS8.8AI score0.15831EPSS
Exploits7References32
SUSE Linux
SUSE Linux
added 2026/04/24 11:48 a.m.6 views

Security update for tomcat

This update for tomcat fixes the following issues: Security fixes: CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. CVE-2026-25854: Occasionally open redirect bsc1261851. CVE-2026-29129: TLS cipher order is not preserved bsc1261852. CVE-2026-29145: OCSP checks sometimes...

8.7CVSS5.6AI score0.03494EPSS
Exploits1References40
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.13 views

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

9.1CVSS5.6AI score0.15831EPSS
Exploits7References31
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Apache Tomcat 10.1.22 < 10.1.54 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.54. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.54security-10 advisory. - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusteri...

7.5CVSS6AI score0.15831EPSS
Exploits6References9
OSV
OSV
added 2026/04/12 5:23 a.m.7 views

MGASA-2026-0095 Updated tomcat packages fix security vulnerabilities

Request smuggling via invalid chunk extension. CVE-2026-24880 Occasionally open redirect. CVE-2026-25854 TLS cipher order is not preserved. CVE-2026-29129 OCSP checks sometimes soft-fail even when soft-fail is disabled. CVE-2026-29145 EncryptInterceptor vulnerable to padding oracle attack by...

9.1CVSS5.8AI score0.15831EPSS
Exploits7References12
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.10 views

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2026/04/09 8:16 p.m.7 views

UBUNTU-CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 9:35 p.m.17 views

CVE-2026-40028 Hayabusa < 3.8.0 XSS via JSON Log Import

Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...

5.4CVSS0.002EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/08 9:0 p.m.5 views

Improper Encoding or Escaping of Output

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/16 7:51 a.m.4 views

Malicious Package

Overview json-log-stream is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References3
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-23960 Malicious code in json_log_formatter (npm)

The package jsonlogformatter was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in json_log_formatter (npm)

The package jsonlogformatter was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder