Lucene search
K

5167 matches found

Nuclei
Nuclei
added 14 hours ago16 views

Web-Check < 2.0.1 Screenshot API - OS Command Injection

Lissy93/web-check contains a command injection caused by unsanitized user input in the screenshot API, letting attackers execute arbitrary system commands, exploit requires sending crafted url parameters. id: CVE-2025-32778 info: name: Web-Check 2.0.1 Screenshot API - OS Command Injection author:...

9.3CVSS6.1AI score0.19976EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday20 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.9AI score0.14608EPSS
Exploits10References2
NVD
NVD
added yesterday4 views

CVE-2026-47897

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-47897

CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but before, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...

8.9CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41518

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago11 views

Apache ActiveMQ < 5.16.5/5.17.3 - Remote Code Execution

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

8.8CVSS7.7AI score0.8581EPSS
Exploits2References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-40279

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-53840

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Description An improper authorization issue exists where an authenticated user with low privileges can access the /admin/ endpoints in the Web Console. This...

8.1CVSS5.9AI score0.0051EPSS
Exploits0References7
NVD
NVD
added 5 days ago10 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS0.00431EPSS
Exploits0References2
NVD
NVD
added 5 days ago13 views

CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS0.00383EPSS
Exploits0References2
OSV
OSV
added 5 days ago7 views

DEBIAN-CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

UBUNTU-CVE-2026-55956

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

6.5CVSS5.7AI score0.00383EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00383EPSS
Exploits0References1
CVE
CVE
added 5 days ago34 views

CVE-2026-55955

CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...

6.5CVSS5.7AI score0.00261EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

0.00368EPSS
Exploits0References1
CVE
CVE
added 5 days ago37 views

CVE-2026-55276

Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.4. Vulnerability Details CVEID:CVE-2026-41284 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M...

9.8CVSS7.4AI score0.01339EPSS
Exploits3Affected Software1
OSV
OSV
added 5 days ago5 views

PYSEC-2026-513 Rasa Allows Remote Code Execution via Remote Model Loading

Vulnerability A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...

9CVSS5.9AI score0.00895EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-53744

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.13 through 9.0.18 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109...

5.8AI score0.00261EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-53741

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An incorrect control flow implementation...

5.7AI score0.00413EPSS
Exploits0References4
Rows per page
Query Builder