Search CVE reports


Toggle filters

71 – 80 of 42294 results

Status is adjusted based on your filters.


CVE-2026-13606

Medium priority
Needs evaluation

[Unknown description]

1 affected package

graphicsmagick

Package 20.04 LTS
graphicsmagick Needs evaluation
Show less packages

CVE-2026-13316

Medium priority
Needs evaluation

A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF attack and steal cloud metadata service on AWS/GCP/Azure environment through foreman...

1 affected package

ruby-foreman

Package 20.04 LTS
ruby-foreman Needs evaluation
Show less packages

CVE-2026-13149

Medium priority
Needs evaluation

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to...

1 affected package

node-brace-expansion

Package 20.04 LTS
node-brace-expansion Needs evaluation
Show less packages

CVE-2026-12610

Medium priority
Needs evaluation

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw...

1 affected package

sssd

Package 20.04 LTS
sssd Needs evaluation
Show less packages

CVE-2026-12243

Medium priority
Needs evaluation

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for...

1 affected package

nltk

Package 20.04 LTS
nltk Needs evaluation
Show less packages

CVE-2026-55957

Medium priority
Needs evaluation

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55956

Medium priority
Needs evaluation

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55955

Medium priority
Needs evaluation

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55276

Medium priority
Needs evaluation

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-53434

Medium priority
Needs evaluation

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages