Lucene search
K

10 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 9:25 p.m.7 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

8.2CVSS6AI score0.00558EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/09 8:16 p.m.11 views

CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS0.00469EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 7:20 p.m.119 views

CVE-2026-29145

CVE-2026-29145 describes an authentication bypass in Apache Tomcat mutual TLS (CLIENT_CERT) when OCSP soft-fail is disabled. Affected are Tomcat 11.0.0-M1–11.0.18, 10.1.0-M7–10.1.52, and 9.0.83–9.0.115, plus Tomcat Native 1.1.23–1.1.34, 1.2.0–1.2.39, 1.3.0–1.3.6, and 2.0.0–2.0.13. With OCSP failu...

9.1CVSS5.8AI score0.00715EPSS
Exploits2References2Affected Software2
F5 Networks
F5 Networks
added 2025/10/08 11:8 p.m.7 views

K000156952: Apache Tomcat vulnerability CVE-2025-55668

Security Advisory Description Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgra...

6.5CVSS7AI score0.00775EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: tomcat (UTSA-2025-986121)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986121 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1...

7.5CVSS7.1AI score0.54877EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.2 views

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2025-1166)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1166 advisory. Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1...

7.5CVSS7AI score0.03389EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/08/11 7:33 p.m.300 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 – Apache Tomcat RCE Exploit Descrição ---------...

9.8CVSS7.4AI score0.99945EPSS
Exploits46
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-53506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum...

7.5CVSS7.3AI score0.01898EPSS
Exploits0References3
OSV
OSV
added 2021/03/05 11:2 a.m.4 views

OESA-2021-1075 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

5.9CVSS7.6AI score0.22852EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/01/22 1:36 p.m.7 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

7.5CVSS7.2AI score0.213EPSS
Exploits0References4
Rows per page
Query Builder