Lucene search
K

341 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

7.5CVSS0.00616EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

9.8CVSS0.0019EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-36398

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

6.5CVSS5.4AI score0.00503EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/05 6:59 a.m.19 views

K000161596: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2026-25854 Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...

9.1CVSS5.8AI score0.03645EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/06/01 4:53 p.m.8 views

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:52 p.m.7 views

EUVD-2026-33706

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

8.1CVSS5.7AI score0.00278EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:3 a.m.8 views

Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33871)

Summary There is a vulnerability in netty-codec-http2-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

8.7CVSS6.8AI score0.00604EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 3:2 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672

Summary IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33671...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.9 views

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...

4.9CVSS5.8AI score0.00436EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/12 9:20 p.m.5 views

Denial of Service (DoS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Denial of Service DoS through the handling of system resources. An attacker can cause the application to become unresponsive by sending specially crafted requests that...

8.7CVSS5.8AI score0.2255EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/12 3:17 p.m.5 views

CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

7.3CVSS5.8AI score0.00548EPSS
Exploits0
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.20 views

BASM (Broken Authentication & Session Management) in Confluence Data Center

This is a vulnerability in a non-Atlassian Confluence dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity BASM Broken Authentication & Session Management vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0,...

9.1CVSS5.8AI score0.00664EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:4 p.m.4 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...

7.5CVSS5.8AI score0.00683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 9:3 p.m.3 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library

Summary Vulnerabilities have been identified in Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...

9CVSS6.1AI score0.22709EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/09 9:31 p.m.2 views

EUVD-2026-21018

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

9.1CVSS6.6AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 8:16 p.m.3 views

CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

6.5CVSS0.00469EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 8:16 p.m.2 views

UBUNTU-CVE-2026-29145

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat...

9.1CVSS5.8AI score0.00664EPSS
Exploits1References4
CVE
CVE
added 2026/04/09 7:36 p.m.20 views

CVE-2026-34487

CVE-2026-34487 affects Apache Tomcat’s cloud membership for clustering component, where insertion of sensitive information into log files could expose Kubernetes bearer tokens. Affected versions are Tomcat 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.13 through 9.0.116. The issue...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 7:35 p.m.2 views

CVE-2026-34486 Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

5.8AI score0.01895EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:30 p.m.0 views

CVE-2026-34483

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

5.8AI score0.00461EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder