
77 matches found

IBM Security Bulletins
added yesterday, 2 views

Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance

Summary: The tomcat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs: CVE-2025-31651, CVE-2025-55752. Vulnerability Details: CVEID: CVE-2025-31651. DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat...

CVSS 9.8, AI score 7.4, EPSS 0.00274
Exploits 5, Affected Software 1

OSV
added last week, 7 views

USN-8338-1 apache2 vulnerabilities

It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. CVE-2023-38709 Will Dormann and David Warren discovered that Apache HTTP Server'...

CVSS 9.8, AI score 7.4, EPSS 0.88359
Exploits 2, References 16

GithubExploit
added last week, 84 views

Exploit for CVE-2026-9256

It should be noted that the /api route used by default in the Po...

CVSS 9.2, AI score 5.8, EPSS 0.00237
Exploits 3

Tenable Nessus
added 2026/05/04 12:0 a.m., 3 views

RHCOS 6 : haproxy (RHSA-2013:0729)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0729 advisory. - haproxy: rewrite rules flaw can lead to arbitrary code execution CVE-2013-1912 Note that Nessus has not tested for this issue but has inste...

CVSS 5.1, AI score 6.4, EPSS 0.00186
Exploits 0, References 5

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux - vulnerability in tomcat9

There is an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If these rewrite rules effectively enforced...

CVSS 9.8, AI score 7, EPSS 0.00199
Exploits 1, References 2

RedHat Linux
added 2026/02/16 11:27 a.m., 1 view

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8, AI score 5.7, EPSS 0.00199
Exploits 1, References 5

OSV
added 2026/01/29 3:38 p.m., 3 views

CLSA-2026-1769701085 pki-servlet-engine: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta or control sequences to avoid bypassing rewrite rules...

CVSS 9.8, AI score 7, EPSS 0.00199
Exploits 1, References 1

Tenable Nessus
added 2026/01/14 12:0 a.m., 7 views

TencentOS Server 3: tomcat (TSSA-2025:0984)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0984 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 9.8, AI score 7.1, EPSS 0.00274
Exploits 5, References 3

RedhatCVE
added 2026/01/13 10:53 p.m., 4 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...

CVSS 6.5, AI score 5.6, EPSS 0.0002
Exploits 1, References 1

GithubExploit
added 2026/01/13 11:14 a.m., 162 views

Exploit for CVE-2025-14172

📄 Nuclei Template for CVE-2025-14172 🚀 Overview This repo...

CVSS 6.5, AI score 6.5, EPSS 0.0002
Exploits 1

Patchstack
added 2026/01/12 10:11 a.m., 7 views

WordPress WP Page Permalink Extension plugin <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush vulnerability discovered by Legion Hunter in WordPress Plugin WP Page Permalink Extension versions <= 1.5.4...

CVSS 6.5, AI score 6.8, EPSS 0.0002
Exploits 1, References 1, Affected Software 1

NVD
added 2026/01/09 12:15 p.m., 5 views

CVE-2025-14172

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...

CVSS 6.5, EPSS 0.0002
Exploits 1, References 3

Cvelist
added 2026/01/09 11:15 a.m., 30 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...

CVSS 6.5, EPSS 0.0002
Exploits 1, References 3

CVE
added 2026/01/09 11:15 a.m., 14 views

CVE-2025-14172

The CVE-2025-14172 entry concerns the WP Page Permalink Extension WordPress plugin (affected versions up to and including 1.5.4). The vulnerability is a Missing Authorization issue in the cwpp_trigger_flush_rewrite_rules function tied to the wp_ajax_cwpp_trigger_flush_rewrite_rules AJAX action, e...

CVSS 6.5, AI score 5.2, EPSS 0.0002
Exploits 1, References 3

Vulnrichment
added 2026/01/09 11:15 a.m., 5 views

CVE-2025-14172 WP Page Permalink Extension <= 1.5.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Rewrite Rules Flush

The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the cwpp_trigger_flush_rewrite_rules function hooked to wp_ajax_cwpp_trigger_flush_rewrite_rules. This makes it possible fo...

CVSS 6.5, AI score 5.2, EPSS 0.0002
Exploits 1, References 3

Positive Technologies
added 2026/01/09 12:0 a.m., 4 views

PT-2026-1732

Name of the Vulnerable Software and Affected Versions WP Page Permalink Extension versions prior to 1.5.5 Description The WP Page Permalink Extension plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the cwpp trigger...

CVSS 6.5, AI score 6.1, EPSS 0.0002
Exploits 1, References 6

RedHat Linux
added 2026/01/08 7:28 a.m., 3 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8, AI score 7.2, EPSS 0.00199
Exploits 1, References 5

RedHat Linux
added 2026/01/08 7:23 a.m., 4 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE

A directory traversal vulnerability in Apache Tomcat caused by improper URL normalization during request rewriting. When specific rewrite rules are used, an attacker could craft a malicious request to bypass access restrictions and reach protected directories such as /WEB-INF/ or /META-INF/. If...

CVSS 7.5, AI score 7.7, EPSS 0.00274
Exploits 4, References 6

Tenable Nessus
added 2025/12/20 12:0 a.m., 5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-991301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991301 advisory. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible fo...

CVSS 9.8, AI score 7.5, EPSS 0.00199
Exploits 1, References 4

RedHat Linux
added 2025/12/10 5:7 p.m., 3 views

tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve

A flaw was found in Apache Tomcat's rewrite rule processing component. This vulnerability allows security constraints to be bypassed via specially crafted HTTP requests when specific, uncommon rewrite rule configurations are in use...

CVSS 9.8, AI score 7.2, EPSS 0.00199
Exploits 1, References 5