CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5819 matches found

SUSE CVE•added 2026/04/10 11:26 p.m.•5 views

SUSE CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

4.8CVSS5.8AI score0.00664EPSS

Exploits1References10

CNVD•added 2026/04/10 12:0 a.m.•3 views

OpenClaw has an unspecified vulnerability (CNVD-2026-17487)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw has a security vulnerability that can be exploited by an attacker to execute native code after an operator approves misleading command text...

8CVSS5.9AI score0.00272EPSS

Exploits0

Tenable Nessus•added 2026/04/10 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-29145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This iss...

9.1CVSS5.5AI score0.00664EPSS

Exploits1References3

Github Security Blog•added 2026/04/09 9:31 p.m.•8 views

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

9.1CVSS5.8AI score0.00664EPSS

Exploits1References10Affected Software2

EUVD•added 2026/04/09 9:31 p.m.•3 views

EUVD-2026-21011

5.8AI score0.00664EPSS

Exploits1References2

OSV•added 2026/04/09 9:31 p.m.•2 views

GHSA-95JQ-RWVF-VJX4 Apache Tomcat: CLIENT_CERT authentication does not fail as expected

9.1CVSS5.8AI score0.00664EPSS

Exploits1References10

RedHat Linux•added 2026/04/09 8:27 p.m.•4 views

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

3.3CVSS6.3AI score0.00158EPSS

Exploits0References5

OSV•added 2026/04/09 8:16 p.m.•3 views

DEBIAN-CVE-2026-29145

9.1CVSS5.3AI score0.00664EPSS

Exploits1References1

NVD•added 2026/04/09 8:16 p.m.•5 views

CVE-2026-29145

9.1CVSS0.00664EPSS

Exploits1References2

UbuntuCve•added 2026/04/09 8:16 p.m.•3 views

CVE-2026-29145

9.1CVSS5.8AI score0.00664EPSS

Exploits1References3

OSV•added 2026/04/09 8:16 p.m.•2 views

UBUNTU-CVE-2026-29145

9.1CVSS5.8AI score0.00664EPSS

Exploits1References4

Cvelist•added 2026/04/09 7:20 p.m.•17 views

CVE-2026-29145 Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

0.00664EPSS

Exploits1References1

AlpineLinux•added 2026/04/09 7:20 p.m.•2 views

CVE-2026-29145

9.1CVSS5.8AI score0.00664EPSS

Exploits1

Apache Tomcat•added 2026/04/09 7:20 p.m.•7 views

Fixed in Apache Tomcat Native Connector 2.0.14 / 1.3.7

Moderate: OCSP checks sometimes soft-fail even when soft-fail is disabled CVE-2026-29145 CLIENTCERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. This was fixed with commit bcea0ac2 2.0.x and 204f7f8a 1.3.x. This issue was reported to the Tomc...

9.1CVSS5.8AI score0.00664EPSS

Exploits1Affected Software1

ATTACKERKB•added 2026/04/09 7:20 p.m.•5 views

CVE-2026-29145

5.8AI score0.00664EPSS

Exploits1References2Affected Software2

Vulnrichment•added 2026/04/09 7:20 p.m.•2 views

CVE-2026-29145 Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

5.8AI score0.00664EPSS

Exploits1References1

Debian CVE•added 2026/04/09 7:20 p.m.•3 views

CVE-2026-29145

9.1CVSS5.3AI score0.00664EPSS

Exploits1

CVE•added 2026/04/09 7:20 p.m.•67 views

CVE-2026-29145

CVE-2026-29145 describes an authentication bypass in Apache Tomcat mutual TLS (CLIENT_CERT) when OCSP soft-fail is disabled. Affected are Tomcat 11.0.0-M1–11.0.18, 10.1.0-M7–10.1.52, and 9.0.83–9.0.115, plus Tomcat Native 1.1.23–1.1.34, 1.2.0–1.2.39, 1.3.0–1.3.6, and 2.0.0–2.0.13. With OCSP failu...

9.1CVSS5.8AI score0.00664EPSS

Exploits1References2Affected Software2

HackRead•added 2026/04/09 1:0 p.m.•12 views

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

Austin, Texas, United States, 9th April 2026, CyberNewswire...

5.9AI score

Exploits0

CNNVD•added 2026/04/09 12:0 a.m.•2 views

Apache Tomcat和Apache Tomcat Native 安全漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server for the implementation of Servlet and JavaServer Page JSP support. Apache Tomcat client certificate has a validation flaw vulnerability, the vulnerability is due to allow revoked certificate/test...

9.1CVSS5.8AI score0.00664EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by