Lucene search
+L

434 matches found

Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57993

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.23 Apache Tomcat versions 10.1.0-M1 through 10.1.56 Apache Tomcat versions 9.0.13 through 9.0.119 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109...

9.1CVSS6.1AI score0.00368EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Apache Tomcat 10.1.0.M1 < 10.1.57 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.57. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.57security-10 advisory. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allow...

9.1CVSS6.2AI score0.00376EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Apache Tomcat 9.0.13 < 9.0.120 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.120. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.120security-9 advisory. - Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowe...

9.1CVSS6.2AI score0.00376EPSS
Exploits0References5
Cisco
Cisco
added 2026/07/08 4:0 p.m.36 views

Cisco Advance Notification for Publication of July 15, 2026, Security Advisories

On July 15, 2026, the Cisco Product Security Incident Response Team PSIRT published the following advisories: Cisco Security Advisory CVE ID Security Impact Rating CVSS Base Score Cisco RoomOS Security Hardening Release: July 2026...

8.8CVSS6.1AI score0.0034EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 9:35 a.m.7 views

EUVD-2026-41865

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/02 10:12 a.m.18 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/01 3:15 a.m.6 views

SUSE CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.9AI score0.00413EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-49434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entrie...

7.5CVSS6AI score0.00659EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 9:54 a.m.40 views

CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

0.00844EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS0.02569EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:36 p.m.18 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

5.7AI score0.02569EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50976

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9.0 Description Improper input handling in the toCedarExpr method on Cedar Value types allows for Cedar-expression injection. The method fails to...

8.8CVSS6.2AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

7.5CVSS0.0046EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 a.m.15 views

CVE-2026-49875

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...

9.8CVSS0.00527EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/12 8:58 a.m.14 views

EUVD-2026-36398

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...

6.5CVSS5.4AI score0.00404EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/10 5:54 p.m.9 views

Security Bulletin: IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang

Summary IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML...

5.3CVSS6.2AI score0.02164EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2026/06/05 6:59 a.m.25 views

K000161596: Multiple Apache Tomcat vulnerabilities

Security Advisory Description CVE-2026-25854 Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through...

9.1CVSS5.8AI score0.0504EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/06/01 5:9 p.m.13 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:53 p.m.14 views

CVE-2026-45282 Nextcloud: Logged-in user bypasses share password and download restrictions on Text attachments via documentId leads to unauthorized file access

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or download...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:52 p.m.16 views

EUVD-2026-33706

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

8.1CVSS5.7AI score0.00284EPSS
Exploits0References3
Rows per page
Query Builder