Search CVE reports


Toggle filters

471 – 480 of 30167 results

Status is adjusted based on your filters.


CVE-2026-55956

Medium priority
Needs evaluation

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-55955

Medium priority
Needs evaluation

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-55276

Medium priority
Needs evaluation

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-53434

Medium priority
Needs evaluation

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-53404

Medium priority
Needs evaluation

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-50229

Medium priority
Needs evaluation

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 26.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Needs evaluation
Show less packages

CVE-2026-13758

Medium priority
Needs evaluation

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which...

1 affected package

libcryptx-perl

Package 26.04 LTS
libcryptx-perl Needs evaluation
Show less packages

CVE-2026-56018

Medium priority
Needs evaluation

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs) the cleanup frees only the NodeSet structures and never the per-token contents...

1 affected package

libjavascript-minifier-xs-perl

Package 26.04 LTS
libjavascript-minifier-xs-perl Needs evaluation
Show less packages

CVE-2026-56017

Medium priority
Needs evaluation

JavaScript::Minifier::XS versions before 0.16 for Perl crash with a NULL pointer dereference when the first meaningful token of the input is a slash. The regexp versus division disambiguator in JsTokenizeString (XS.xs) inspects...

1 affected package

libjavascript-minifier-xs-perl

Package 26.04 LTS
libjavascript-minifier-xs-perl Needs evaluation
Show less packages

CVE-2026-13593

Medium priority
Needs evaluation

CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as...

1 affected package

libcss-minifier-xs-perl

Package 26.04 LTS
libcss-minifier-xs-perl Needs evaluation
Show less packages