Lucene search
+L

106498 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

9.1CVSS6.1AI score0.00248EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago24 views

CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

0.00248EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-15747

CVE-2026-15747 affects Mojolicious on Perl: versions 4.59 up to (but excluding) 9.48 expose a stable CSRF token representation to a BREACH compression oracle. _csrf_token caches a single per-session token and _csrf_field outputs it in a hidden input; when a response includes attacker-controlled i...

9.1CVSS6.1AI score0.00248EPSS
Exploits0References3
Nuclei
Nuclei
added 3 days ago206 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server Oracle Fusion Middleware component: WLS Core Components is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated...

9.8CVSS7.5AI score0.93168EPSS
Exploits18References5
Nuclei
Nuclei
added 3 days ago375 views

Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)

An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. id: CVE-2012-3153 info: name: Oracle Forms &...

9.1CVSS6.9AI score0.98695EPSS
Exploits11References5
Positive Technologies
Positive Technologies
added 3 days ago4 views

PT-2026-58293

Name of the Vulnerable Software and Affected Versions Mojolicious versions 4.59 through 9.47 Description The software exposes a stable representation of the session CSRF token to a BREACH compression oracle. This occurs because the csrf token function generates and caches one token per session,...

9.1CVSS6.1AI score0.00248EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2026-38488)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-38488 advisory. 21.1.3-20.3 - CVE fix for: CVE-2026-55999 Resolves: https://redhat.atlassian.net/browse/RHEL-191516 Tenable has extracted the preceding description block...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7AI score0.0504EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 4 days ago5 views

Important: Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

An update for tomcat is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7AI score0.21691EPSS
Exploits6References4
Nuclei
Nuclei
added 4 days ago164 views

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

9.8CVSS7.1AI score0.8883EPSS
Exploits11References5
Oracle linux
Oracle linux
added 4 days ago5 views

kernel security, bug fix, and enhancement update

4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS7AI score0.0031EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Oracle Linux 9 : xorg-x11-server (ELSA-2026-38486)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-38486 advisory. 1.20.11-34.3 - CVE fix for CVE-2026-55999 Resolves: https://redhat.atlassian.net/browse/RHEL-191493 Tenable has extracted the preceding description block...

8.5CVSS6.2AI score0.00212EPSS
Exploits0References2
Nuclei
Nuclei
added 6 days ago64 views

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

7.4CVSS7AI score0.96281EPSS
Exploits9References5
Nuclei
Nuclei
added 6 days ago258 views

Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. id: CVE-2017-1000028 info: name: Oracle GlassFish Server Open Source Edition 4.1 - Loc...

7.5CVSS7AI score0.99479EPSS
Exploits7References5
Nuclei
Nuclei
added 6 days ago288 views

Oracle Access Manager - Remote Code Execution

The Oracle Access Manager portion of Oracle Fusion Middleware component: OpenSSO Agent is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with...

9.8CVSS7.1AI score0.96284EPSS
Exploits5References5
Nuclei
Nuclei
added 6 days ago22 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7AI score0.97788EPSS
Exploits6References5
OSV
OSV
added 2026/07/10 12:5 p.m.2 views

RLSA-2026:36790 Important: tomcat9 security, bug fix, and enhancement update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

7.5CVSS6.9AI score0.21691EPSS
Exploits6References3
Rockylinux
Rockylinux
added 2026/07/10 12:5 p.m.7 views

tomcat9 security, bug fix, and enhancement update

An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference...

9.1CVSS6.2AI score0.21691EPSS
Exploits8
OSV
OSV
added 2026/07/10 12:3 p.m.3 views

RLSA-2026:36879 Important: tomcat security, bug fix, and enhancement update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor CVE-2026-29146 Apache Tomcat: Apache Tomcat: Missing Encryption of Sensitive...

7.5CVSS7AI score0.21691EPSS
Exploits6References3
Rockylinux
Rockylinux
added 2026/07/10 12:3 p.m.8 views

tomcat security, bug fix, and enhancement update

An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...

7.5CVSS6.2AI score0.21691EPSS
Exploits6
Rows per page
Query Builder