CVE-2026-24734

Overview

Apache Software Foundation
Apache Tomcat Native

17 Feb 2026

Published

17 Feb 2026

Updated

CVSS

Pending

EPSS

0.03%

MITRE

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Statistics

2 Posts

Last activity: 15 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

Critical #Tomcat 11 update for openSUSE Tumbleweed. Version 11.0.18-1.1 fixes CVE-2025-66614, CVE-2026-24733, and CVE-2026-24734. Read more: 👉 tinyurl.com/pzdjwutx #openSUSE

0
0
0
15h ago

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 #openSUSE Tumbleweed ships Tomcat 9.0.115-1.1, addressing 3 CVEs (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734). Read more: 👉 tinyurl.com/2rb5a6t3 #Security

0
0
0
15h ago

CVE-2025-41711

Overview

Janitza
UMG 96RM-E 24V(5222063)

10 Mar 2026

Published

10 Mar 2026

Updated

CVSS v3.1

MEDIUM (5.3)

EPSS

Pending

MITRE

KEV

Description

An unauthenticated remote attacker can use firmware images to extract password hashes and brute force plaintext passwords of accounts with limited access.

Statistics

2 Posts
4 Interactions

Last activity: 4 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

1
1
0
4h ago

CERT@VDE @certvde

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

1
1
0
4h ago

CVE-2025-41712

Overview

Janitza
UMG 96RM-E 24V(5222063)

10 Mar 2026

Published

10 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

Pending

MITRE

KEV

Description

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server.

Statistics

2 Posts
4 Interactions

Last activity: 4 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

1
1
0
4h ago

CERT@VDE @certvde

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

1
1
0
4h ago

CVE-2025-41709

Overview

Janitza
UMG 96RM-E 24V(5222063)

10 Mar 2026

Published

10 Mar 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

Pending

MITRE

KEV

Description

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

Statistics

2 Posts
4 Interactions

Last activity: 4 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

1
1
0
4h ago

CERT@VDE @certvde

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

1
1
0
4h ago

CVE-2025-41710

Overview

Janitza
UMG 96RM-E 24V(5222063)

10 Mar 2026

Published

10 Mar 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

Pending

MITRE

KEV

Description

An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.

Statistics

2 Posts
4 Interactions

Last activity: 4 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230

An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/

#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json

1
1
0
4h ago

CERT@VDE @certvde

#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E

An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711

https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json

1
1
0
4h ago