Lucene search
K

7 matches found

CVE
CVE
added 2026/04/27 1:12 p.m.20 views

CVE-2026-40557

Summary: CVE-2026-40557 affects Apache Storm Prometheus Reporter (versions 2.6.3–2.8.6). The issue stems from PrometheusPreparableReporter implementing an INSECURE_TRUST_MANAGER and, when storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation is enabled, triggering SSLContext.setDefa...

4.8CVSS5.2AI score0.00193EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/27 1:10 p.m.34 views

CVE-2026-41081 Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 1:10 p.m.3 views

CVE-2026-41081

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 1:10 p.m.34 views

CVE-2026-41081

CVE-2026-41081 : In Apache Storm, TLS transport with default config (client certs not required) can assign a fallback principal CN=ANONYMOUS when a client certificate is missing or verification fails, because SSLPeerUnverifiedException is caught and connection is not rejected. This “fail-open” ca...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.3 views

CVE-2024-9806

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiate...

5.3CVSS5.3AI score0.0042EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2024-39851 · Craig Rodway · Classroombookings

Name of the Vulnerable Software and Affected Versions: Craig Rodway Classroombookings versions up to 2.8.6 Description: A vulnerability has been found in the component Room Page, affecting unknown code of the file /rooms/fields. The manipulation of the argument Name leads to cross-site scripting...

5.3CVSS4.4AI score0.0042EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.5 views

PT-2024-6120 · WordPress · The Js Help Desk – The Ultimate Help Desk & Support Plugin

Name of the Vulnerable Software and Affected Versions: The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress versions up to, and including, 2.8.6 Description: The issue is related to incorrect code generation management in the plugin, allowing remote attackers to execute...

10CVSS8.2AI score0.37899EPSS
Exploits0References14
Rows per page
Query Builder