Lucene search

2077 matches found

OSV
added 2026/02/17 7:21 p.m., 3 views

UBUNTU-CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

CVSS 7.5 | AI score 5.7 | EPSS 0.00498
Exploits 0 | References 3
CVE
added 2026/02/17 6:53 p.m., 111 views

CVE-2026-24734

CVE-2026-24734 is an Improper Input Validation vulnerability affecting Apache Tomcat Native and Apache Tomcat itself. When using an OCSP responder, Tomcat Native (and the Tomcat Native FFM port) may not perform verification or freshness checks on OCSP responses, potentially allowing certificate r...

CVSS 7.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | References 10 | Affected Software 1
Cvelist
added 2026/02/17 6:53 p.m., 30 views

CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

EPSS 0.00498
Exploits 0 | References 1
AlpineLinux
added 2026/02/17 6:53 p.m., 3 views

CVE-2026-24734

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

CVSS 7.5 | AI score 6.6 | EPSS 0.00498
Exploits 0
Vulnrichment
added 2026/02/17 6:53 p.m., 2 views

CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...

AI score 5.8 | EPSS 0.00498
Exploits 0 | References 1
Apache Tomcat
added 2026/02/17 6:53 p.m., 7 views

Fixed in Apache Tomcat Native Connector 2.0.12 / 1.3.5

Moderate: Incomplete OCSP verification checks (CVE-2026-24734). When using an OCSP responder, Tomcat Native did not complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed. This issue was reported to the Tomcat security team on 2 November...

CVSS 7.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | Affected Software 1
OSV
added 2026/02/17 5:15 p.m., 4 views

GHSA-HR7J-63V7-VJ7G Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

Summary: Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...

CVSS 7.5 | AI score 5.5
Exploits 0 | References 4
Github Security Blog
added 2026/02/17 5:15 p.m., 19 views

Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

Summary: Deleting a user account with SFTP access or changing the user's password does not immediately terminate existing SFTP sessions, allowing continued filesystem access after credentials are revoked. This can result in unintended and unauthorized access to server files even after administrato...

AI score 5.5
Exploits 0 | References 4 | Affected Software 2
CNNVD
added 2026/02/17 12:00 a.m., 7 views

Apache Tomcat and Apache Tomcat Native input validation error vulnerability

Apache Tomcat and Apache Tomcat Native are both products of the Apache Software Foundation (United States). Apache Tomcat is a lightweight web application server that supports the Servlet and JavaServer Pages (JSP) technologies. Apache Tomcat Native is a native component library. There is an input validatio...

CVSS 7.5 | AI score 6.6 | EPSS 0.00498
Exploits 0 | References 2
Snyk
added 2026/02/16 10:00 p.m., 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder: verification and freshness checks on the OCSP response are not completed, which allows certificate revocation to be bypassed. Remediation: Upgrade org.apache.tomcat:tomcat-coyote-ffm to version...

CVSS 8.7 | AI score 5.5 | EPSS 0.00498
Exploits 0 | References 2
Snyk
added 2026/02/16 10:00 p.m., 2 views

Incorrect Authorization

Overview: org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Incorrect Authorization when using an OCSP responder: verification and freshness checks on the OCSP response are not completed, which allows certificate revocation to be...

CVSS 8.7 | AI score 5.5 | EPSS 0.00498
Exploits 0 | References 2
SUSE CVE
added 2026/02/07 12:26 a.m., 5 views

SUSE CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

CVSS 2.1 | AI score 5.3 | EPSS 0.00133
Exploits 0 | References 3
SUSE CVE
added 2026/02/07 12:26 a.m., 6 views

SUSE CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVSS 6.5 | AI score 5.3 | EPSS 0.00333
Exploits 0 | References 3
OSV
added 2026/01/30 8:40 a.m., 4 views

BIT-GITEA-2026-20883 Gitea Stopwatch API Missing Authorization Check Leads to Post-Revocation Information Disclosure

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches...

CVSS 6.5 | AI score 5.9 | EPSS 0.00333
Exploits 0 | References 6
OSV
added 2026/01/30 8:40 a.m., 3 views

BIT-GITEA-2026-20800 Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...

CVSS 6.5 | AI score 5.9 | EPSS 0.00344
Exploits 0 | References 5
OSV
added 2026/01/30 8:40 a.m., 3 views

BIT-GITEA-2026-0798 Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVSS 3.5 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 5
Apache Tomcat
added 2026/01/27 12:00 a.m., 10 views

Fixed in Apache Tomcat 10.1.52

Moderate: Incomplete OCSP verification checks (CVE-2026-24734). When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed. Affects: 10.1.0-M7 to 10.1.51. This issue...

CVSS 7.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | Affected Software 1
Apache Tomcat
added 2026/01/26 12:00 a.m., 9 views

Fixed in Apache Tomcat 11.0.18

Moderate: Incomplete OCSP verification checks (CVE-2026-24734). When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed. Affects: 11.0.0-M1 to 11.0.17. This issue...

CVSS 7.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | Affected Software 1
Apache Tomcat
added 2026/01/23 12:00 a.m., 9 views

Fixed in Apache Tomcat 9.0.115

Moderate: Incomplete OCSP verification checks (CVE-2026-24734). When using an OCSP responder, Tomcat's FFM integration with OpenSSL did not complete verification or freshness checks on the OCSP response, which could allow certificate revocation to be bypassed. Affects: 9.0.83 to 9.0.114. This issue wa...

CVSS 7.5 | AI score 5.4 | EPSS 0.00498
Exploits 0 | Affected Software 1
Snyk
added 2026/01/22 10:50 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation: Upgrade...

CVSS 6.5 | AI score 5.5 | EPSS 0.00333
Exploits 0 | References 2
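The Gitea stopwatch and notification entries and the Pterodactyl SFTP entry above are the same class of bug: access is checked when an object is created (a stopwatch, a notification, an SFTP session) and never again, so revoking the grant leaves the object, and what it references, readable. The following is an added illustration, not code from Gitea or Pterodactyl; the users, repositories and issue titles are constructed sample data. It puts the read path that trusts the creation-time check beside one that re-evaluates authorization on every read, and shows account deletion tearing down live sessions rather than letting them outlive the account.

```python
# Added example, not Gitea or Pterodactyl code.  Users, repositories and issue
# titles below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class Service:
    """In-memory stand-in for the application database."""
    titles: dict                  # (repo, issue_id) -> issue title
    private: set                  # repos that need a collaborator grant to read
    collaborators: dict           # repo -> set of users currently granted access
    stopwatches: dict = field(default_factory=dict)  # user -> [(repo, issue_id)]
    sessions: dict = field(default_factory=dict)     # session_id -> user

    def can_read(self, user, repo):
        """Authorization against current state, cheap enough to run on every request."""
        return repo not in self.private or user in self.collaborators.get(repo, set())

    def start_stopwatch(self, user, repo, issue_id):
        """Creation-time check; both the vulnerable and hardened read paths share it."""
        if not self.can_read(user, repo):
            raise PermissionError(f"{user} may not read {repo}")
        self.stopwatches.setdefault(user, []).append((repo, issue_id))

    def open_session(self, session_id, user):
        """Login verified the credentials; from here on the session carries the grant."""
        self.sessions[session_id] = user

    def list_stopwatches_vulnerable(self, user):
        """The check made in start_stopwatch is trusted forever (the reported bug)."""
        return [(repo, self.titles[(repo, iid)])
                for repo, iid in self.stopwatches.get(user, [])]

    def list_stopwatches(self, user):
        """Hardened: re-evaluate the grant at read time; revoked repos drop out."""
        return [(repo, self.titles[(repo, iid)])
                for repo, iid in self.stopwatches.get(user, [])
                if self.can_read(user, repo)]

    def revoke_collaborator(self, user, repo):
        self.collaborators.get(repo, set()).discard(user)

    def delete_user(self, user):
        """Hardened: removing the account also ends everything it is currently doing."""
        for granted in self.collaborators.values():
            granted.discard(user)
        self.stopwatches.pop(user, None)
        for sid in [s for s, u in self.sessions.items() if u == user]:
            del self.sessions[sid]   # an open SFTP-style session must not outlive the account


def demo():
    """Grant, use, revoke: compare what each read path still discloses."""
    svc = Service(titles={("acme/secret", 7): "Rotate prod DB creds"},
                  private={"acme/secret"},
                  collaborators={"acme/secret": {"mallory"}})
    svc.start_stopwatch("mallory", "acme/secret", 7)
    svc.open_session("sftp-1", "mallory")
    svc.revoke_collaborator("mallory", "acme/secret")
    leaked = svc.list_stopwatches_vulnerable("mallory")
    hardened = svc.list_stopwatches("mallory")
    sessions_before = sorted(svc.sessions)
    svc.delete_user("mallory")
    return {"leaked": leaked, "hardened": hardened,
            "sessions_before_delete": sessions_before,
            "sessions_after_delete": sorted(svc.sessions)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

After the grant is revoked, the vulnerable listing still returns the private issue title while the hardened one returns nothing, and deleting the account empties the session table. The general rule the advisories point at is that a stored object is not evidence of a current grant; authorization has to be re-derived from live state at the moment data is served, and revocation has to reach every artifact (sessions, cached references, pending notifications) that was issued under the old grant.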