Lucene search
+L

425 matches found

OSV
OSV
added 2026/02/17 9:31 p.m.4 views

GHSA-FPJ8-GQ4V-P354 Apache Tomcat - Client certificate verification bypass

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

9.1CVSS6AI score0.00235EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/02/17 6:48 p.m.3 views

CVE-2025-66614 Apache Tomcat: Client certificate verification bypass due to virtual host mapping

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

5.7AI score0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 6:48 p.m.7 views

CVE-2025-66614

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...

5.5AI score0.00235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/17 6:48 p.m.106 views

CVE-2025-66614

CVE-2025-66614 is an improper input validation issue in Apache Tomcat. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.14, 10.1.0-M1 through 10.1.49, and 9.0.0-M1 through 9.0.112, with older EOL versions (8.5.0–8.5.100) also listed as affected. The root cause is failure to verify...

9.1CVSS5.5AI score0.00235EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

Apache Tomcat 输入验证错误漏洞

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page JSP technologies. Vulnerabilities exist in versions of Apache Tomcat from 11.0.0-M1 to 11.0.14, from 10.1.0-M1 to 10.1.49, from 9.0.0-M1 to 9.0.11...

9.1CVSS6.8AI score0.00235EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/02/16 10:41 p.m.15 views

Python Cryptographic Authority: Fail-Open in set_tlsext_servername_callback on pyopenssl via unhandled exceptions leads to security bypass

A vulnerability was discovered in the pyopenssl library's handling of the Server Name Indication SNI callback settlsextservernamecallback. The internal wrapper for this callback catches all Python exceptions raised by user code but returns 0 Success/SSLTLSEXTERROK to the underlying OpenSSL engine...

5.8AI score
Exploits0
OSV
OSV
added 2026/02/12 8:16 p.m.5 views

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.5CVSS5.9AI score0.00454EPSS
Exploits1References3
NVD
NVD
added 2026/02/12 8:16 p.m.10 views

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.5CVSS0.00454EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 7:2 p.m.5 views

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.1CVSS5.9AI score0.00454EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 7:2 p.m.2 views

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.5CVSS6AI score0.00454EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/12 7:2 p.m.31 views

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.5CVSS0.00454EPSS
Exploits1References3
CVE
CVE
added 2026/02/12 7:2 p.m.13 views

CVE-2019-25346

CVE-2019-25346 pertains to TheSystem 1.0, with a SQL injection in the server_name parameter that enables authentication bypass. The vulnerability allows an attacker to inject SQL like ' or '1=1' to retrieve unauthorized database records and potentially access sensitive system information. Multipl...

7.5CVSS5.9AI score0.00454EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.7 views

thesystem SQL注入漏洞

TheSystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thetheSystem has a SQL injection vulnerability, which stems from improper handling of the parameter servername, potentially leading to SQL injection attacks...

7.5CVSS5.8AI score0.00454EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.7 views

PT-2026-7882

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.1CVSS5.9AI score0.00454EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/11 2:56 p.m.4 views

CVE-2019-25311 thesystem Persistent XSS

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 2:56 p.m.15 views

CVE-2019-25311

The CVE concerns thesystem version 1.0, which contains a persistent cross-site scripting (XSS) vulnerability. Attackers can inject malicious scripts via multiple server input fields, specifically operating_system, system_owner, system_username, system_password, system_description, and server_name...

6.4CVSS5.5AI score0.00204EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.9 views

PT-2026-7606

Name of the Vulnerable Software and Affected Versions thesystem version 1.0 Description thesystem version 1.0 has a persistent cross-site scripting issue. Attackers can inject malicious scripts through several server data input fields. Specifically, crafted script payloads can be submitted in the...

6.4CVSS5.8AI score0.00204EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37120 Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)

Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and...

9.8CVSS6.6AI score0.00453EPSS
Exploits0References3
CVE
CVE
added 2026/02/05 4:13 p.m.11 views

CVE-2020-37120

CVE-2020-37120 affects Rubo DICOM Viewer 2.0. The vulnerability is a buffer overflow in the DICOM server name input field that allows overwriting the Structured Exception Handler (SEH), enabling arbitrary code execution via a crafted text file. Connected sources provide details on vulnerable comp...

9.8CVSS6.6AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.6 views

PT-2026-6565

Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler SEH. Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and...

9.8CVSS6.9AI score0.00453EPSS
Exploits0References4
Rows per page
Query Builder