Search CVE reports


Toggle filters

81 – 90 of 42301 results

Status is adjusted based on your filters.


CVE-2026-12610

Medium priority
Needs evaluation

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw...

1 affected package

sssd

Package 20.04 LTS
sssd Needs evaluation
Show less packages

CVE-2026-12243

Medium priority
Needs evaluation

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in `nltk/data.py` checks for literal `../` sequences but fails to account for...

1 affected package

nltk

Package 20.04 LTS
nltk Needs evaluation
Show less packages

CVE-2026-55957

Medium priority
Needs evaluation

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55956

Medium priority
Needs evaluation

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55955

Medium priority
Needs evaluation

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-55276

Medium priority
Needs evaluation

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-53434

Medium priority
Needs evaluation

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-53404

Medium priority
Needs evaluation

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat:...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-50229

Medium priority
Needs evaluation

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through...

6 affected packages

tomcat6, tomcat7, tomcat8, tomcat9, tomcat10, tomcat11

Package 20.04 LTS
tomcat6
tomcat7
tomcat8
tomcat9 Needs evaluation
tomcat10
tomcat11
Show less packages

CVE-2026-13758

Medium priority
Needs evaluation

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which...

1 affected package

libcryptx-perl

Package 20.04 LTS
libcryptx-perl Needs evaluation
Show less packages