7 matches found
CVE-2026-40557
Summary: CVE-2026-40557 affects Apache Storm Prometheus Reporter (versions 2.6.3–2.8.6). The issue stems from PrometheusPreparableReporter implementing an INSECURE_TRUST_MANAGER and, when storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation is enabled, triggering SSLContext.setDefa...
CVE-2026-41081 Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...
CVE-2026-41081
Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...
CVE-2026-41081
CVE-2026-41081 : In Apache Storm, TLS transport with default config (client certs not required) can assign a fallback principal CN=ANONYMOUS when a client certificate is missing or verification fails, because SSLPeerUnverifiedException is caught and connection is not rejected. This “fail-open” ca...
CVE-2024-9806
A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiate...
PT-2024-39851 · Craig Rodway · Classroombookings
Name of the Vulnerable Software and Affected Versions: Craig Rodway Classroombookings versions up to 2.8.6 Description: A vulnerability has been found in the component Room Page, affecting unknown code of the file /rooms/fields. The manipulation of the argument Name leads to cross-site scripting...
PT-2024-6120 · WordPress · The Js Help Desk – The Ultimate Help Desk & Support Plugin
Name of the Vulnerable Software and Affected Versions: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress versions up to, and including, 2.8.6 Description: The issue is related to incorrect code generation management in the plugin, allowing remote attackers to execute...