
Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 17 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Critical #Tomcat 11 update for openSUSE Tumbleweed. Version 11.0.18-1.1 fixes CVE-2025-66614, CVE-2026-24733, and CVE-2026-24734. Read more: 👉 tinyurl.com/pzdjwutx #openSUSE
  • 1h ago
🚨 #openSUSE Tumbleweed ships Tomcat 9.0.115-1.1, addressing 3 CVEs (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734). Read more: 👉 tinyurl.com/2rb5a6t3 #Security
  • 1h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 23 Sep 2025
Updated: 09 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 12.49%

Description

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities (Omnissa, SolarWinds, Ivanti) to the KEV catalog. - IOCs: CVE-2021-22054, CVE-2025-26399, CVE-2026-1603 - #CISA #KEV #ThreatIntel
  • 1h ago

Overview

  • Ivanti
  • Endpoint Manager

Published: 10 Feb 2026
Updated: 09 Mar 2026

CVSS v3.1: HIGH (8.6)
EPSS: 11.74%

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

~Cisa~ CISA added three actively exploited vulnerabilities (Omnissa, SolarWinds, Ivanti) to the KEV catalog. - IOCs: CVE-2021-22054, CVE-2025-26399, CVE-2026-1603 - #CISA #KEV #ThreatIntel
  • 1h ago