
72 matches found

Vulnrichment
added 2026/05/13 8:27 a.m., 9 views

CVE-2026-5545 wrong reuse of HTTP Negotiate connection

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

AI score: 5.8, EPSS: 0.00414
Exploits: 1, References: 3
OSV
added 2026/04/28 10:28 p.m., 6 views

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up (cache poisoning-like behavior) for endpoints...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00251
Exploits: 1, References: 7
Github Security Blog
added 2026/04/28 10:28 p.m., 14 views

Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary: Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up (cache poisoning-like behavior) for endpoints...

CVSS: 6.5, AI score: 5.3, EPSS: 0.00251
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2026/03/11 6:0 p.m., 4 views

UBUNTU-CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00259
Exploits: 0, References: 5
Github Security Blog
added 2025/10/22 3:21 p.m., 10 views

Hono Improper Authorization vulnerability

Improper Authorization in Hono JWT Audience Validation: Hono’s JWT authentication middleware did not validate the aud (Audience) claim by default. As a result, applications using the middleware without an explicit audience check could accept tokens intended for other audiences, leading to potential...

CVSS: 8.1, AI score: 6.7, EPSS: 0.0035
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-12600

Malware in sbrugna...

CVSS: 4.9, AI score: 4.8, EPSS: 0.00912
Exploits: 0, References: 5
Microsoft CVE
added 2025/10/02 6:11 a.m., 4 views

Apache Tomcat: Request header mix-up between HTTP/2 streams

...

CVSS: 7.5, AI score: 7, EPSS: 0.24622
Exploits: 0
Malwarebytes
added 2025/04/07 7:10 a.m., 15 views

A week in security (March 31 – April 6)

Last week on Malwarebytes Labs: Why we’re no longer doing April Fools’ Day; Intimate images from kink and LGBTQ+ dating apps left exposed online; "Urgent reminder" tax scam wants to phish your Microsoft credentials; "Nudify" deepfakes stored unprotected online; Location, name, and photos of random ki...

AI score: 7
Exploits: 0
Malwarebytes
added 2025/04/03 1:36 p.m., 7 views

Location, name, and photos of random kids shown to parents in child tracker mix up

Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. And could not locate their own. T-Mobile sells a small GPS tracker called SyncUP, which can be used to track, among...

AI score: 7.1
Exploits: 0
F5 Networks
added 2025/02/19 6:35 p.m., 19 views

K000149857: Apache Tomcat vulnerability CVE-2024-52317

Security Advisory Description: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through...

CVSS: 6.5, AI score: 8.1, EPSS: 0.02008
Exploits: 1, Affected Software: 1
SUSE CVE
added 2025/01/12 12:14 a.m., 2 views

SUSE CVE-2024-57805

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to...

CVSS: 4.7, AI score: 7.6, EPSS: 0.00172
Exploits: 0, References: 3
RedhatCVE
added 2024/11/22 4:51 p.m., 17 views

CVE-2024-52317

A flaw was found in Apache Tomcat HTTP/2 handling. This vulnerability allows a request or response mix-up between users via incorrect recycling of request and response objects...

CVSS: 6.5, AI score: 6.5, EPSS: 0.02008
Exploits: 1, References: 4
Tenable Nessus
added 2024/11/20 12:0 a.m., 25 views

Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS: 9.8, AI score: 9.1, EPSS: 0.06287
Exploits: 2, References: 3
Tenable Nessus
added 2024/11/20 12:0 a.m., 22 views

Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS: 9.8, AI score: 9.1, EPSS: 0.06287
Exploits: 2, References: 3
Tenable Nessus
added 2024/11/20 12:0 a.m., 33 views

Apache Tomcat 11.0.0-M1 < 11.0.0 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS: 9.8, AI score: 9.1, EPSS: 0.06287
Exploits: 2, References: 3
OSV
added 2024/11/18 12:15 p.m., 5 views

DEBIAN-CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS: 6.5, AI score: 7, EPSS: 0.02008
Exploits: 1, References: 1
Cvelist
added 2024/11/18 11:36 a.m., 41 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

EPSS: 0.02008
Exploits: 1, References: 1
OpenVAS
added 2024/11/18 12:0 a.m., 24 views

Apache Tomcat HTTP/2 Vulnerability (Nov 2024) - Linux

Apache Tomcat is prone to a vulnerability in HTTP/2...

CVSS: 6.5, AI score: 6.3, EPSS: 0.02008
Exploits: 1, References: 4
Apache Tomcat
added 2024/10/09 12:0 a.m., 30 views

Fixed in Apache Tomcat 11.0.0

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 9e840cca. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS: 9.8, AI score: 7.3, EPSS: 0.06287
Exploits: 2, Affected Software: 1
Apache Tomcat
added 2024/10/09 12:0 a.m., 49 views

Fixed in Apache Tomcat 9.0.96

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 47307ee2. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS: 9.8, AI score: 7.9, EPSS: 0.06287
Exploits: 2, Affected Software: 1