Lucene search
K

2677 matches found

OSV
OSV
added 2026/04/09 12:56 p.m.12 views

CLSA-2026-1775739369 pki-servlet-engine: Fix of 3 CVEs

CVE-2024-52316: fix JASPIC authentication bypass on ServerAuthContext exception - CVE-2025-55754: fix ANSI escape sequence injection in log messages - CVE-2025-46701: fix CGI servlet case sensitivity bypass of security constraints...

9.8CVSS7.3AI score0.09917EPSS
Exploits2References1
OSV
OSV
added 2026/04/08 1:24 p.m.11 views

CLSA-2026-1775646020 Update of pki-servlet-engine

Bump release...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.10 views

CVE-2021-27214

A Server-side request forgery SSRF vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting XSS attack against the administrative interface via an HTTP...

10CVSS6.4AI score0.03287EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/20 12:31 a.m.6 views

EUVD-2026-13347

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.11 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +687 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22731 Source advisory: OSV:GHSA-8HFC-FQ58-R658...

8.2CVSS7.2AI score0.00334EPSS
Exploits0
NVD
NVD
added 2026/03/19 11:16 p.m.7 views

CVE-2026-22732

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS0.0048EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/03/19 10:47 p.m.6 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:47 p.m.5 views

CVE-2026-22732

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 10:47 p.m.27 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS0.0048EPSS
Exploits2References1
CVE
CVE
added 2026/03/19 10:47 p.m.379 views

CVE-2026-22732

CVE-2026-22732 affects Spring Security; multiple non-legacy branches are impacted where HTTP response headers for servlet applications may not be written. Affected versions include 5.7.0–5.7.21, 5.8.0–5.8.23, 6.3.0–6.3.14, 6.4.0–6.4.14, 6.5.0–6.5.8, and 7.0.0–7.0.3. The description indicates a he...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References1Affected Software1
EUVD
EUVD
added 2026/03/19 3:31 p.m.5 views

EUVD-2025-208877

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS6.7AI score0.3436EPSS
Exploits1References4
NVD
NVD
added 2026/03/19 2:16 p.m.9 views

CVE-2025-71260

BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserialization of untrusted data vulnerability in the ASP.NET servlet's VIEWSTATE handling that allows authenticated attackers to execute arbitrary code. Attackers can supply crafted serialized objects to the VIEWSTATE paramete...

8.8CVSS0.3436EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.7 views

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a security vulnerability in Spring Security, which occurs when using Spring Security to specify HTTP response headers for servlet applications, and the HTTP...

9.1CVSS7.2AI score0.0048EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26435

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.21 Spring Security versions 5.8.0 through 5.8.23 Spring Security versions 6.3.0 through 6.3.14 Spring Security versions 6.4.0 through 6.4.14 Spring Security versions 6.5.0 through 6.5.8 Spring Securit...

9.4CVSS7.7AI score0.0048EPSS
Exploits2References66
vulnersOsv
vulnersOsv
added 2026/03/18 3:32 a.m.8 views

org.keycloak:keycloak-saml-adapter-galleon-pack (>=21.1.0 <=26.2.1), org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter (>=21.1.0 <=22.0.4) +31 more potentially affected by CVE-2026-2092 via org.keycloak:keycloak-saml-adapter-core (>=1.6.0.Final <=26.2.1)

org.keycloak:keycloak-saml-adapter-core MAVEN version =1.6.0.Final, =21.1.0, =21.1.0, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =20.0.0, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =1.9.8.Final and more Source cves: CVE-2026-2092...

7.7CVSS5.4AI score0.00241EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

RuoYi-Vue-Plus 安全漏洞

RuoYi-Vue-Plus is a development framework created by the dromara organization in China. Versions of RuoYi-Vue-Plus 5.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of authorization checks in the SaServletFilter function of the Workflow Module component,...

6.5CVSS6.6AI score0.00253EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/16 6:55 p.m.4 views

tomcat: Apache Tomcat: Security constraint bypass for CGI scripts

A flaw was found in the CGI servlet component of Apache Tomcat. This vulnerability allows a security constraint bypass via improper handling of case sensitivity in the pathInfo component of a URI mapped to the CGI servlet...

7.3CVSS5.7AI score0.02736EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.8 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.13)

The version of AOS installed on the remote host is prior to 7.0.1.13. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.13 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forg...

8.6CVSS6.5AI score0.01916EPSS
Exploits3References6
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.17 views

GoAnywhere - Authentication Bypass

Fortra GoAnywhere MFT contains an insecure deserialization vulnerability in the License Servlet caused by deserializing attacker-controlled objects with a valid forged license response signature, letting attackers perform command injection, exploit requires valid forged license signature. id:...

10CVSS7.4AI score0.99614EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2026/02/04 12:0 a.m.129 views

📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. ============================================================================================================================================= | Title : Mutiny 5.0-1.07...

8.5CVSS5.2AI score0.40338EPSS
Exploits8
Rows per page
Query Builder