Lucene search
+L

1713 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/17 6:48 a.m.5 views

Security Bulletin: Due to use of jackrabbit-spi-commons IBM webMethods BPM is vulnerable to loading privileges using unsecured document build

Summary IBM webMethods BPM is using jackrabbit-spi-commons which is affected by a known vulnerability CVE-2025-53689. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58782 DESCRIPTION: Deserialization of Untrusted Data vulnerability i...

8.8CVSS6.3AI score0.01286EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2026/04/17 1:11 a.m.9 views

[SECURITY] Fedora 42 Update: nix-2.31.4-1.fc42

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
Fedora
Fedora
added 2026/04/16 11:41 p.m.9 views

[SECURITY] Fedora 44 Update: nix-2.34.5-1.fc44

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

9CVSS5.8AI score0.00193EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:5 p.m.3 views

Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)

Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...

5.3CVSS6.8AI score0.02164EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/13 10:20 a.m.7 views

BIT-TOMCAT-2026-34500 Apache Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version...

6.5CVSS5.8AI score0.00469EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 10:20 a.m.3 views

BIT-TOMCAT-2026-34487 Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.13 through 9.0.116. Users are...

7.5CVSS5.8AI score0.00447EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 10:19 a.m.4 views

BIT-TOMCAT-2026-25854 Apache Tomcat: Occasionally open redirect

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 10:19 a.m.2 views

BIT-TOMCAT-2026-24880 Apache Tomcat: Request smuggling via invalid chunk extension

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.15 views

PT-2026-32439

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...

6.1CVSS5.8AI score0.00526EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.4 views

SUSE CVE-2026-32990

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116,...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.5 views

SUSE CVE-2026-34500

CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...

4.8CVSS5.8AI score0.00469EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/10 9:7 p.m.11 views

DNN: Same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.2AI score0.00175EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/10 9:7 p.m.5 views

GHSA-2RHW-GW3F-477J DNN: Same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 12:31 p.m.4 views

GHSA-5568-6QCG-G7FX Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-32982

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/09 9:31 p.m.9 views

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...

7.5CVSS5.8AI score0.21691EPSS
Exploits6References12Affected Software2
EUVD
EUVD
added 2026/04/09 9:31 p.m.4 views

EUVD-2026-21010

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...

5.8AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 9:31 p.m.3 views

GHSA-9M3C-QCXR-9X87 Apache Tomcat has an Open Redirect vulnerability

Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other,...

6.9CVSS5.8AI score0.00526EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 9:31 p.m.16 views

GHSA-H468-7PVH-8VR8 Apache Tomcat: Padding Oracle vulnerability in EncryptInterceptor

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are...

8.7CVSS5.8AI score0.0504EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.25 views

CVE-2026-35625 OpenClaw < 2026.3.25 - Privilege Escalation via Silent Local Shared-Auth Reconnect

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator.read to operator.admin. Attackers can exploit this by triggering local reconnection to silently...

8.5CVSS0.00192EPSS
Exploits0References3
Rows per page
Query Builder