Linux Distros Unpatched Vulnerability : CVE-2026-42498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: fro...
CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure
Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...
PT-2026-36941
Name of the Vulnerable Software and Affected Versions: Nix versions 2.24.7 through 2.34.6. Description: A directory traversal issue allows writing to arbitrary files when using the "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" commands. Recommendations: Update to version 2.34.7...
PT-2026-32439
Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...
Users with read-only permissions for team folder can restore deleted files from trash bin
None...
EUVD-2025-15883
Malicious code in bioql PyPI...
OESA-2025-2243 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Apache Tomcat is vulnerable to...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1065)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1065 advisory. Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before...
CVE-2025-22157
CVE-2025-22157 is a Privilege Escalation affecting Atlassian Jira Core Data Center and Server (versions 9.12.0, 10.3.0, 10.4.0, 10.5.0) and Jira Service Management Data Center and Server (versions 5.12.0, 10.3.0, 10.4.0, 10.5.0). The flaw allows an attacker to act as a higher-privileged user (CVS...
CVE-2025-26795 Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Denial of Service vulnerability in Json-smart (CVE-2024-57699)
Summary: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Denial of Service vulnerability in Json-smart. A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of '', a stack exhaustion can be...
RHEL 8 / 9 : OpenShift Container Platform 4.14.40 (RHSA-2024:8700)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8700 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
PT-2023-3407 · Django +6
Name of the Vulnerable Software and Affected Versions: Django versions 3.2 through 3.2.18; Django versions 4.0 through 4.1.8; Django versions 4.2 through 4.2.0. Description: The issue is related to insufficient input validation in the forms.FileField and forms.ImageField components of the Django web...
Citrix Virtual Apps and Desktops Security Update
Description of Problem: Vulnerabilities have been identified in Citrix Virtual Apps and Desktops that could, if exploited, result in: An authenticated user of a multi-session Windows VDA, who has been granted permission to write to c:\ root directory, being able to escalate their privilege level on that...
GHSA-63XM-RX5P-XVQR Heap buffer overflow in Tensorflow
Impact: The implementation of SparseFillEmptyRowsGrad uses a double indexing pattern: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L263-L269 It is possible for reverse_index_map(i) to be an index outside of bound...
Security Bulletin #00217
Courtesy of Sun Microsystems. -----BEGIN PGP SIGNED MESSAGE----- Sun Microsystems, Inc. Security Bulletin. Bulletin Number: 00217. Date: March 18, 2002. Cross-Ref: Title: Java(TM) Web Start. The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind...
FreeBSD-SA-00:41.elf
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-00:41 Security Advisory, FreeBSD, Inc. Topic: Malformed ELF images can cause a system hang. Category: core. Module: kernel. Announced: 2000-08-28. Credits: Adam McDougall. Affects...