Lucene search
K
RedhatRecent

115913 matches found

RedHat Linux
RedHat Linux
•added 2026/05/02 12:23 a.m.•7 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: curl: curl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-devel-8.20.0-0.1.hum1 aarch64, x8664 libcurl-minimal-8.20.0-0.1.hum1 aarch64, x8664 curl-8.20.0-0.1.hum1.s...

7.5CVSS5.8AI score0.00639EPSS
Exploits6References8
RedHat Linux
RedHat Linux
•added 2026/05/01 3:45 p.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: capstone: capstone-5.0.7-0.1.hum1 aarch64, x8664 capstone-devel-5.0.7-0.1.hum1 aarch64, x8664 capstone-java-5.0.7-0.1.hum1 noarch capstone-static-5.0.7-0.1.hum1 aarch64, x8664...

9.8CVSS7.2AI score0.00191EPSS
Exploits1References4
RedHat Linux
RedHat Linux
•added 2026/05/01 2:5 p.m.•11 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: glibc: compat-libpthread-nonshared-2.42-12.hum1 aarch64, x8664 glibc-2.42-12.hum1 aarch64, x8664 glibc-all-langpacks-2.42-12.hum1 aarch64, x8664 glibc-benchtests-2.42-12.hum1 aarch64, x8664...

9.8CVSS5.8AI score0.00451EPSS
Exploits3References7
RedHat Linux
RedHat Linux
•added 2026/05/01 9:46 a.m.•10 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: rust-rpm-sequoia: rpm-sequoia-1.10.1.1-1.2.hum1 aarch64, x8664 rpm-sequoia-devel-1.10.1.1-1.2.hum1 aarch64, x8664 rust-rpm-sequoia-1.10.1.1-1.2.hum1.src src Security Fixes: rust-rpm-sequoia:...

5.5CVSS5.8AI score0.00085EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•8 views

openjdk: Improved Arena allocations (Oracle CPU 2026-04)

Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...

3.7CVSS7.3AI score0.00206EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•6 views

openjdk: Enhance TLS connection handling (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10;...

7.5CVSS7.3AI score0.00635EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•8 views

freetype: Information disclosure or denial of service via specially crafted font files

A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or...

5.3CVSS7.2AI score0.00141EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•8 views

openjdk: Enhance key generation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00122EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•7 views

openjdk: Enhance Zip file reading (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

3.7CVSS7.3AI score0.00269EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•13 views

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

7.5CVSS7.3AI score0.00702EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•9 views

openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•8 views

openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

2.9CVSS7.4AI score0.00124EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•16 views

openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

5.3CVSS7.4AI score0.00305EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 8:38 p.m.•22 views

Important: Red Hat Security Advisory: OpenJDK 25.0.3 Security Update for Windows Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

7.5CVSS7.7AI score0.00702EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/30 7:1 p.m.•34 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.2AI score0.00188EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/30 7:1 p.m.•24 views

Important: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7CVSS5.3AI score0.00188EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/30 5:53 p.m.•14 views

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS5.5AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/30 5:53 p.m.•11 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS4.8AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/30 5:53 p.m.•13 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

7.5CVSS6AI score0.00426EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/30 5:50 p.m.•8 views

Important: Red Hat Security Advisory: libcap security update

An update for libcap is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7CVSS5.3AI score0.00188EPSS
Exploits1References2
RedHat Linux
RedHat Linux
•added 2026/04/30 5:50 p.m.•8 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.2AI score0.00188EPSS
Exploits1References5
RedHat Linux
RedHat Linux
•added 2026/04/30 5:40 p.m.•8 views

Important: Red Hat Bug Fix Advisory: Red Hat OpenShift GitOps v1.20.3 bug fix and enhancement update

Red Hat OpenShift GitOps v1.20.3 bug fix and enhancement update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-9699 CVE-2026-42880 Kubernetes Secret Extraction via ArgoCD ServerSideDiff gitops-1.20...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/04/30 5:27 p.m.•7 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: uriparser: mingw32-uriparser-1.0.1-1.hum1 noarch mingw64-uriparser-1.0.1-1.hum1 noarch uriparser-1.0.1-1.hum1 aarch64, x8664 uriparser-devel-1.0.1-1.hum1 aarch64, x8664 uriparser-doc-1.0.1-1.hum1...

5.1CVSS5.2AI score0.00172EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/30 4:54 p.m.•9 views

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

7.5CVSS6.4AI score0.00398EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/30 4:54 p.m.•7 views

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

7.5CVSS5.6AI score0.00426EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/30 4:54 p.m.•15 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

7.5CVSS6.7AI score0.00426EPSS
Exploits0References3
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•5 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.2AI score0.00237EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•6 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.2AI score0.0013EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•72 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

8.1CVSS5.6AI score0.00419EPSS
Exploits0References6
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•28 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS5.3AI score0.00176EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•19 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

8.1CVSS5.9AI score0.00247EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/30 4:40 p.m.•49 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.5AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
•added 2026/04/30 4:2 p.m.•7 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00201EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/04/30 4:2 p.m.•16 views

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

8.4CVSS6.1AI score0.00201EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/04/30 3:53 p.m.•10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References8
RedHat Linux
RedHat Linux
•added 2026/04/30 3:53 p.m.•8 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS5.5AI score0.00173EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/30 3:26 p.m.•10 views

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

8.4CVSS6.1AI score0.00201EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/04/30 3:26 p.m.•5 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00201EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:34 p.m.•12 views

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

8.4CVSS6.1AI score0.00201EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/04/30 2:34 p.m.•9 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00201EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:33 p.m.•7 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00201EPSS
Exploits2References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:33 p.m.•11 views

Important: Red Hat Security Advisory: OpenEXR security update

An update for OpenEXR is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.4CVSS6.1AI score0.00201EPSS
Exploits2References2
RedHat Linux
RedHat Linux
•added 2026/04/30 2:22 p.m.•9 views

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS5.9AI score0.00553EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 2026/04/30 2:22 p.m.•10 views

Important: Red Hat Security Advisory: libtiff security update

An update for libtiff is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References2
RedHat Linux
RedHat Linux
•added 2026/04/30 2:2 p.m.•8 views

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

9.1CVSS6.8AI score0.00307EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:2 p.m.•13 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

6.5CVSS7.2AI score0.00494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:2 p.m.•8 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update

Red Hat JBoss Web Server 6.2.2 is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS7.5AI score0.00494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 2:2 p.m.•11 views

tomcat: Client certificate verification bypass due to virtual host mapping

A certificate validation flaw has been found in Apache Tomcat. omcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one ...

9.1CVSS7AI score0.00235EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 1:58 p.m.•9 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

6.5CVSS7.2AI score0.00494EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2026/04/30 1:58 p.m.•8 views

Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...

9.1CVSS6.8AI score0.00307EPSS
Exploits0References5
Total number of security vulnerabilities115913