Search CVE reports


Toggle filters

201 – 210 of 39869 results

Status is adjusted based on your filters.


CVE-2026-59083

Medium priority
Needs evaluation

Improper Handling of URL Encoding (Hex Encoding) vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23,...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 24.04 LTS
tomcat6 Not in release
tomcat7 Not in release
tomcat8 Not in release
tomcat9 Needs evaluation
tomcat10 Needs evaluation
tomcat11 Not in release
Show less packages

CVE-2026-12606

Medium priority

Not in release

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling.

1 affected package

glassfish

Package 24.04 LTS
glassfish Not in release
Show less packages

CVE-2026-10051

Medium priority
Needs evaluation

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of...

2 affected packages

jetty12, jetty9

Package 24.04 LTS
jetty12 Not in release
jetty9 Needs evaluation
Show less packages

CVE-2024-7708

Medium priority
Needs evaluation

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak.

2 affected packages

jetty12, jetty9

Package 24.04 LTS
jetty12 Not in release
jetty9 Needs evaluation
Show less packages

CVE-2026-12482

Medium priority

Not in release

A vulnerability in keras-team/keras version 3.12.0 allows an attacker to craft a malicious tar archive that bypasses the `filter_safe_tarinfos` validation in `keras/src/utils/file_utils.py`. Specifically, symlink entries are not...

1 affected package

keras

Package 24.04 LTS
keras Not in release
Show less packages

CVE-2026-61627

Medium priority
Needs evaluation

[GHSA-pjjp-65r7-ppgm: Out-of-bounds read and write in wrap_lines_measure]

1 affected package

libass

Package 24.04 LTS
libass Needs evaluation
Show less packages

CVE-2026-61626

Medium priority
Needs evaluation

[GHSA-5gf7-wjfm-vmvm: Out-of-bounds bit clears for negative Matroska ReadOrder values]

1 affected package

libass

Package 24.04 LTS
libass Needs evaluation
Show less packages

CVE-2026-56170

Medium priority
Fixed

A denial of service vulnerability exists in ASP.NET Core SignalR in .NET 8, .NET 9, and .NET 10. Stateful reconnect can be leveraged by an attacker to deny service to other users.

5 affected packages

dotnet6, dotnet7, dotnet8, dotnet9, dotnet10

Package 24.04 LTS
dotnet6 Not in release
dotnet7 Not in release
dotnet8 Fixed
dotnet9 Not in release
dotnet10 Fixed
Show less packages

CVE-2026-54707

Medium priority
Needs evaluation

[OnionShare Receive mode writes uploaded files even when file uploads are disabled]

1 affected package

onionshare

Package 24.04 LTS
onionshare Needs evaluation
Show less packages

CVE-2026-54706

Medium priority
Needs evaluation

[OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]

1 affected package

onionshare

Package 24.04 LTS
onionshare Needs evaluation
Show less packages