
Overview

  • PHP Group
  • PHP
  • soap

Published: 10 May 2026
Updated: 12 May 2026

CVSS v4.0: CRITICAL (9.5)
EPSS: 0.30%

KEV

Description

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP object while its stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with control over the SOAP request body can exploit this use-after-free to achieve remote code execution.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🛡️ Security updates:

Modules:
  - php-7.3.33-20
  - php-7.2.34-27

Software Collections:
  - php73-php-7.3.33-20
  - php72-php-7.2.34-27

With recent important security fixes backported from 8.2.31 (CVE-2026-6735, CVE-2026-6722, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568)

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118, which fix the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through 7.0.109. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118, which fix the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 12 May 2026
Updated: 12 May 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

The SIOS Security Blog has been updated. Apache Tomcat vulnerabilities (Moderate: CVE-2026-43512, CVE-2026-43515, Low: CVE-2026-41284, CVE-2026-41293, CVE-2026-42498, CVE-2026-43513, CVE-2026-43514) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...