Overview
- Apache Software Foundation
- Apache Tomcat
Published: 09 Apr 2026
Updated: 10 Apr 2026
CVSS: Pending
EPSS: 0.03%
KEV
Description
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.
Other, unsupported versions may also be affected.
Users are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.
Overview
Description
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Overview
- Totolink
- A7100RU
Published: 12 Apr 2026
Updated: 12 Apr 2026
CVSS v4.0: CRITICAL (9.3)
EPSS: 0.89%
KEV
Description
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to OS command injection. The attack may be launched remotely. The exploit has been published and may be used.
Fediverse
🚨 CRITICAL: CVE-2026-6115 in Totolink A7100RU (7.4cu.2313_b20191024) allows unauth'd remote OS command injection via /cgi-bin/cstecgi.cgi. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-6115-os-command-injection-in-totolink-a71-2eb78416 #OffSeq #Vulnerability #Router #Infosec