37 matches found
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details: Refer to the security...
EUVD-2012-2309
Malware in sbrugna...
EUVD-2020-29360
Malware in sbrugna...
EUVD-2003-0940
Malware in sbrugna...
EUVD-2002-1621
Malware in sbrugna...
CVE-2025-10035 - Critical unauthenticated RCE in GoAnywhere MFT
Overview: On September 18, 2025, Fortra published an advisory for CVE-2025-10035. This new vulnerability affects GoAnywhere MFT, an enterprise managed file transfer solution, and allows an attacker to achieve unauthenticated remote code execution. GoAnywhere MFT is a file transfer solution that ha...
Linux Distros Unpatched Vulnerability : CVE-2018-11784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory e.g. redirecting ...
VulnCheck KEV: CVE-2012-3153
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU...
Apache Tomcat - CGI security constraint bypass
Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1...
Apache Tomcat Security Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States, used to implement Servlet and JavaServer Pages (JSP) support. A security bypass vulnerability exists in Apache Tomcat due to improper handling of case sensitivity in the CGI servle...
ABB Cylon Aspect 3.08.03 (MIX->NTPServlet) Time Manipulation
Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the...
Pix Software Vivaz Security Vulnerability
Pix Software Vivaz is an application from Pix Software. A security vulnerability exists in Pix Software Vivaz version 6.0.10, which stems from a SQL injection vulnerability in the usuario parameter at the /servlet?act=login location...
The vulnerability of Eclipse Jetty servlet containers, related to errors in processing input data length parameters, allows attackers to execute “HTTP request hijacking” attacks.
The vulnerability of Eclipse Jetty servlet containers is related to errors in processing parameter values related to input data length. Exploiting this vulnerability can allow a malicious actor to carry out an “HTTP request hijacking” attack remotely...
PT-2026-5402
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified) Description: A flaw exists in Undertow where servlets utilizing a method that calls HttpServletRequestImpl.getParameterNames may experience an OutOfMemoryError when handling client requests with...
The vulnerability of the UpLoadServlet class in the ProSafe Network Management NMS300 system allows a perpetrator to execute arbitrary code.
The vulnerability of the UpLoadServlet class in the ProSafe Network Management NMS300 system, which is used for managing, diagnosing, and optimizing the operation of network devices, is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
PT-2022-9028 · Indeed · Indeed Engineering
Name of the Vulnerable Software and Affected Versions: Indeed Engineering util versions up to 1.0.33 Description: A problematic vulnerability has been found, affecting the function visit/appendTo of the file...
Vulnerability fixed in Tomcat
Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...
IBM Cognos Analytics Denial of Service Vulnerability (CNVD-2020-57820)
IBM Cognos Analytics is a suite of business intelligence software from IBM USA that provides valuable information, secure data governance and reporting. A denial of service vulnerability exists in IBM Cognos Analytics version 11.0, 11.1. The vulnerability stems from a failure to catch an exceptio...
Kronos WebTA "com.threeis.webta.H402editUser" servlet elevation of privilege vulnerability
Kronos WebTA is an attendance system. A security vulnerability in the Kronos WebTA "com.threeis.webta.H402editUser" servlet implementation can be exploited by a remote attacker to submit a special request that can be used to gain administrative privileges...
The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to exploit the protected information.
The vulnerability of Eclipse Jetty servlet containers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...