
Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 09 Apr 2026
Updated: 10 Apr 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Tomcat request smuggling (CVE-2026-24880) isn't going away. Check if you're vulnerable on Ubuntu, Rocky, or SUSE:
  dpkg -l | grep tomcat9
  rpm -qa | grep tomcat
  zypper info tomcat
Then run the fix script → Read more: 👉 tinyurl.com/43ud2kjt #Mageia

Overview

  • Meta
  • react-server-dom-webpack

Published: 03 Dec 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 84.89%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

📢 Kubernetes: privilege escalation via token theft and exploitation of CVE-2025-55182 📝 ## 🔍 Context Published on 6 April 2026 by Unit 42 (… https://cyberveille.ch/posts/2026-04-12-kubernetes-escalade-de-privileges-via-vol-de-tokens-et-exploitation-de-cve-2025-55182/ #CVE_2025_55182 #Cyberveille

Overview

  • Totolink
  • A7100RU

Published: 12 Apr 2026
Updated: 12 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.89%

KEV

Description

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-6115 in Totolink A7100RU (7.4cu.2313_b20191024) allows unauth'd remote OS command injection via /cgi-bin/cstecgi.cgi. No patch yet. Restrict access & monitor vendor updates. radar.offseq.com/threat/cve-20
