5159 matches found

Nuclei
added 8 hours ago, 16 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands. Exploitation requires sending crafted URL parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

CVSS 9.3 | AI score 6 | EPSS 0.19976
Exploits: 4 | References: 4

Nuclei
added 8 hours ago, 19 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in the ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators. Exploitation requires knowledge of an administrat...

CVSS 9.8 | AI score 5.8 | EPSS 0.14608
Exploits: 10 | References: 2

Nuclei
added 8 hours ago, 11 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

CVSS 8.8 | AI score 7.7 | EPSS 0.8581
Exploits: 2 | References: 3

EUVD
added 2 days ago, 7 views

EUVD-2026-40279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

CVSS 6.1 | AI score 5.7 | EPSS 0.00258
Exploits: 0 | References: 1

NVD
added 3 days ago, 9 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without providing the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

CVSS 7.3 | EPSS 0.00252
Exploits: 0 | References: 2

NVD
added 3 days ago, 13 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | EPSS 0.00186
Exploits: 0 | References: 2

OSV
added 3 days ago, 7 views

DEBIAN-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

CVSS 6.1 | AI score 5.7 | EPSS 0.00173
Exploits: 0 | References: 1

OSV
added 3 days ago, 2 views

UBUNTU-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

CVSS 6.5 | AI score 5.7 | EPSS 0.00186
Exploits: 0 | References: 7

Cvelist
added 3 days ago, 29 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00186
Exploits: 0 | References: 1

CVE
added 3 days ago, 24 views

CVE-2026-55955

CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...

CVSS 6.5 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 2

Cvelist
added 3 days ago, 25 views

CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

EPSS 0.00285
Exploits: 0 | References: 1

CVE
added 3 days ago, 28 views

CVE-2026-55276

Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...

CVSS 9.1 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 2

OSV
added 3 days ago, 5 views

PYSEC-2026-513 Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

CVSS 9 | AI score 5.9 | EPSS 0.00895
Exploits: 0 | References: 6

Positive Technologies
added 3 days ago, 5 views

PT-2026-53741

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...

AI score 5.7 | EPSS 0.00218
Exploits: 0 | References: 4

Positive Technologies
added 3 days ago, 5 views

PT-2026-53744

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.13 through 9.0.18 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109...

AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 4

Debian
added 4 days ago, 5 views

[SECURITY] [DLA 4655-1] libhtml-parser-perl security update

Debian LTS Advisory DLA-4655-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 28, 2026 https://wiki.debian.org/LTS Package : libhtml-parser-perl Version : 3.75-1+deb11u1 CVE ID : CVE-2026-8829 Paul Johnson discovered that libhtml-parser-perl, a collection of...

CVSS 7.5 | AI score 5.8 | EPSS 0.0031
Exploits: 0

Tenable Nessus
added 5 days ago, 9 views

EulerOS 2.0 SP15 : python-pillow (EulerOS-SA-2026-2502)

According to the versions of the python-pillow packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP- compressed data read when decoding a...

CVSS 8.7 | AI score 7.2 | EPSS 0.00671
Exploits: 0 | References: 2

Debian
added 6 days ago, 4 views

[SECURITY] [DLA 4650-1] giflib security update

Debian LTS Advisory DLA-4650-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost June 26, 2026 https://wiki.debian.org/LTS Package : giflib Version : 5.1.9-2+deb11u1 $bookwormVERSION CVE ID : CVE-2026-23868 CVE-2026-26740 Debian Bug : 1130495 1131368 Two vulnerabilities...

CVSS 8.2 | AI score 5.8 | EPSS 0.00488
Exploits: 1

Positive Technologies
added 6 days ago, 12 views

PT-2026-52698

Name of the Vulnerable Software and Affected Versions Apache Kerby versions prior to 2.1.2 Description An issue exists where the Kerberos pre-authentication check can be bypassed by sending a PA-DATA containing an unrecognized or unsupported type. Recommendations Upgrade to version 2.1.2...

CVSS 7.3 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 6

Debian
added last week, 12 views

[SECURITY] [DSA 6365-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...

CVSS 9.2 | AI score 6 | EPSS 0.00732
Exploits: 10