Lucene search
K

1706 matches found

CVE
CVE
added 2026/05/13 5:1 p.m.79 views

CVE-2026-44578

CVE-2026-44578 affects Next.js self-hosted deployments using the built-in Node.js server. The issue enables server-side request forgery via crafted WebSocket upgrade requests, allowing an attacker to proxy requests to internal or external destinations and potentially expose internal services or c...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References6Affected Software1
OSV
OSV
added 2026/05/13 5:1 p.m.2 views

CVE-2026-44578 Next.js: Server-side request forgery in applications using WebSocket upgrades

Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the serve...

8.6CVSS6AI score0.38811EPSS
Exploits9References8
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: fro...

7.3CVSS7.1AI score0.00548EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.29 views

Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS5.7AI score0.00467EPSS
Exploits0References10Affected Software3
OSV
OSV
added 2026/05/12 4:16 p.m.5 views

DEBIAN-CVE-2026-43515

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

9.1CVSS5.8AI score0.01136EPSS
Exploits1References1
NVD
NVD
added 2026/05/12 4:16 p.m.27 views

CVE-2026-43513

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

7.5CVSS0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 4:16 p.m.23 views

CVE-2026-43512

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported...

9.8CVSS0.01233EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/12 3:33 p.m.127 views

CVE-2026-43515 Apache Tomcat: Security constraints not correctly applied

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from...

0.01136EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 3:33 p.m.101 views

CVE-2026-43515

The CVE-2026-43515 issue is an Improper Authorization flaw in Apache Tomcat caused by multiple method constraints defining the HTTP method for the same extension. Affected versions include Tomcat 11.0.0-M1–11.0.21, 10.1.0-M1–10.1.54, 9.0.0.M1–9.0.117, 8.5.0–8.5.100, and 7.0.0–7.0.109. Mitigation ...

9.1CVSS5.8AI score0.01136EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 3:26 p.m.69 views

CVE-2026-43513 Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions...

0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 3:17 p.m.9 views

CVE-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

5.8AI score0.00548EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/12 3:6 p.m.9 views

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

8.8CVSS6.2AI score0.00395EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40071

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0 Description An...

10CVSS5.8AI score0.01339EPSS
Exploits2References79
Patchstack
Patchstack
added 2026/05/11 3:55 p.m.12 views

NPM: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades

NPM: Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades vulnerability discovered by ? in WordPress Npm next versions = 13.4.13, 15.5.16...

8.6CVSS5.8AI score0.38811EPSS
Exploits9References5Affected Software1
Snyk
Snyk
added 2026/05/11 3:55 p.m.11 views

Server-side Request Forgery (SSRF)

Overview next is a react framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via crafted WebSocket upgrade requests. An attacker can access internal or external resources by sending specially crafted requests with absolute-url that cause the server to...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References2
Github Security Blog
Github Security Blog
added 2026/05/11 3:55 p.m.15 views

Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades

Impact Self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests. An attacker can cause the server to proxy requests to arbitrary internal or external destinations, which may expose internal services or...

8.6CVSS5.9AI score0.38811EPSS
Exploits9References5Affected Software1
Debian
Debian
added 2026/05/09 11:35 a.m.8 views

[SECURITY] [DSA 6259-1] pyjwt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 09, 2026 https://www.debian.org/security/faq -...

7.5CVSS6.7AI score0.00269EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/09 8:21 a.m.13 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

8.1CVSS5.8AI score0.0022EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.31 views

Important: Red Hat Security Advisory: Satellite 6.16.8 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.2AI score0.00812EPSS
Exploits3References14
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 2:29 p.m.15 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199

Summary IBM Maximo Scheduler Optimizer uses werkzeug-3.1.5-py3-none-any.whl which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web applicati...

6.3CVSS5.7AI score0.00556EPSS
Exploits1Affected Software1
Rows per page
Query Builder