Lucene search
K

82 matches found

RedhatCVE
RedhatCVE
β€’added 2026/06/30 3:1 a.m.β€’12 views

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References4
Snyk
Snyk
β€’added 2026/06/29 10:23 p.m.β€’5 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect control flow in the RewriteValve process. An attacker can bypass...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
β€’added 2026/06/03 10:39 a.m.β€’13 views

Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance

Summary The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-31651,CVE-2025-55752 Vulnerability Details CVEID:CVE-2025-31651 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...

9.8CVSS7.4AI score0.66535EPSS
Exploits5Affected Software1
OSV
OSV
β€’added 2026/05/28 2:51 p.m.β€’23 views

USN-8338-1 apache2 vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

9.8CVSS7.4AI score0.41611EPSS
Exploits2References16
GithubExploit
GithubExploit
β€’added 2026/05/28 8:22 a.m.β€’208 views

Exploit for CVE-2026-9256

It should be noted that the /api route used by default in the Po...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
AstraLinux
AstraLinux
β€’added 2026/05/20 5:53 a.m.β€’7 views

Astra Linux – Vulnerability in Tomcat9

Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, thos...

9.8CVSS6.7AI score0.0418EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
β€’added 2026/05/04 12:0 a.m.β€’6 views

RHCOS 6 : haproxy (RHSA-2013:0729)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0729 advisory. - haproxy: rewrite rules flaw can lead to arbitrary code execution CVE-2013-1912 Note that Nessus has not tested for this issue but has inste...

5.1CVSS6.4AI score0.05464EPSS
Exploits0References5
RedHat Linux
RedHat Linux
β€’added 2026/02/16 11:27 a.m.β€’4 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS5.7AI score0.0418EPSS
Exploits1References5
OSV
OSV
β€’added 2026/01/29 3:38 p.m.β€’9 views

CLSA-2026-1769701085 pki-servlet-engine: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta or control sequences to avoid bypassing rewrite rules...

9.8CVSS7AI score0.0418EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
β€’added 2026/01/14 12:0 a.m.β€’9 views

TencentOS Server 3: tomcat (TSSA-2025:0984)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0984 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS7.1AI score0.66535EPSS
Exploits5References3
RedhatCVE
RedhatCVE
β€’added 2026/01/13 10:53 p.m.β€’7 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS5.6AI score0.00376EPSS
Exploits1References1
GithubExploit
GithubExploit
β€’added 2026/01/13 11:14 a.m.β€’214 views

Exploit for CVE-2025-14172

πŸ“„ Nuclei Template for CVE-2025-14172 πŸš€ Overview This repo...

6.5CVSS6.5AI score0.00376EPSS
Exploits1
Patchstack
Patchstack
β€’added 2026/01/12 10:11 a.m.β€’12 views

WordPress WP Page Permalink Extension plugin <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Rewrite Rules Flush vulnerability discovered by Legion Hunter in WordPress Plugin WP Page Permalink Extension versions = 1.5.4...

6.5CVSS6.8AI score0.00376EPSS
Exploits1References1Affected Software1
NVD
NVD
β€’added 2026/01/09 12:15 p.m.β€’12 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS0.00376EPSS
Exploits1References3
CVE
CVE
β€’added 2026/01/09 11:15 a.m.β€’27 views

CVE-2025-14172

The CVE-2025-14172 entry concerns the WP Page Permalink Extension WordPress plugin (affected versions up to and including 1.5.4). The vulnerability is a Missing Authorization issue in the cwpp_trigger_flush_rewrite_rules function tied to the wp_ajax_cwpp_trigger_flush_rewrite_rules AJAX action, e...

6.5CVSS5.2AI score0.00376EPSS
Exploits1References3
Vulnrichment
Vulnrichment
β€’added 2026/01/09 11:15 a.m.β€’6 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS5.2AI score0.00376EPSS
Exploits1References3
Cvelist
Cvelist
β€’added 2026/01/09 11:15 a.m.β€’36 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpptriggerflushrewriterules function hooked to wpajaxcwpptriggerflushrewriterules. This makes it possible fo...

6.5CVSS0.00376EPSS
Exploits1References3
Positive Technologies
Positive Technologies
β€’added 2026/01/09 12:0 a.m.β€’11 views

PT-2026-1732

Name of the Vulnerable Software and Affected Versions WP Page Permalink Extension versions prior to 1.5.5 Description The WP Page Permalink Extension plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the cwpp trigger...

6.5CVSS6.1AI score0.00376EPSS
Exploits1References6
RedHat Linux
RedHat Linux
β€’added 2026/01/08 7:28 a.m.β€’14 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

9.8CVSS7.2AI score0.0418EPSS
Exploits1References5
RedHat Linux
RedHat Linux
β€’added 2026/01/08 7:23 a.m.β€’12 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

7.5CVSS7.7AI score0.66535EPSS
Exploits4References6
Rows per page
Query Builder