Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: web-servers Clear
ID Title
CVE-2026-33433 Vulnerability in traefik (CVE-2026-33433)
vulnerability in traefik (CVE-2026-33433). Successful exploitation can lead to full system takeover. Exploitable via ``headerField``.
CVE-2026-32695 Vulnerability in traefik (CVE-2026-32695)
vulnerability in traefik (CVE-2026-32695). Confidential information can be exposed externally. Exploitable via ``tenant.example.com``.
CVE-2026-27654 Vulnerability in nginx (CVE-2026-27654)
vulnerability in nginx (CVE-2026-27654). Risk of unauthorized operations or information disclosure.
CVE-2026-27784 Vulnerability in nginx (CVE-2026-27784)
vulnerability in nginx (CVE-2026-27784). Successful exploitation can lead to full system takeover.
CVE-2026-32647 Out-of-Bounds Read in nginx (CVE-2026-32647)
vulnerability in nginx (CVE-2026-32647). Successful exploitation can lead to full system takeover.
CVE-2026-27651 Vulnerability in nginx (CVE-2026-27651)
vulnerability in nginx (CVE-2026-27651). Risk of unauthorized operations or information disclosure.
CVE-2026-32305 Authentication Bypass in traefik (CVE-2026-32305)
authentication bypass in traefik (CVE-2026-32305). Risk of unauthorized operations or information disclosure.
CVE-2026-4342 Vulnerability in nginx (CVE-2026-4342)
vulnerability in nginx (CVE-2026-4342). Successful exploitation can lead to full system takeover.
CVE-2016-20026 Vulnerability in apache (CVE-2016-20026)
vulnerability in apache (CVE-2016-20026). Successful exploitation can lead to full system takeover.
CVE-2026-23941 Vulnerability in nginx (CVE-2026-23941)
vulnerability in nginx (CVE-2026-23941). Confidential information can be exposed externally.
CVE-2026-29054 Vulnerability in traefik (CVE-2026-29054)
vulnerability in traefik (CVE-2026-29054). Data can be tampered with by attackers.
CVE-2026-26999 Vulnerability in traefik (CVE-2026-26999)
vulnerability in traefik (CVE-2026-26999). Risk of unauthorized operations or information disclosure.
CVE-2026-24734 Vulnerability in apache (CVE-2026-24734)
vulnerability in apache (CVE-2026-24734). Data can be tampered with by attackers.
CVE-2026-25949 Vulnerability in dos (CVE-2026-25949)
vulnerability in dos (CVE-2026-25949). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.8` or later.
CVE-2025-61795 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
CVE-2025-55752 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
CVE-2025-55754 Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
CVE-2025-48989 Vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989)
vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.108` or later.
CVE-2025-24813 KEV [KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-44487 KEV [KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
CVE-2016-8735 KEV [KEV] Vulnerability in Apache tomcat (CVE-2016-8735)
vulnerability in Apache tomcat (CVE-2016-8735). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12617 KEV [KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12617)
vulnerability in Apache tomcat (CVE-2017-12617). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12615 KEV [KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12615)
vulnerability in Apache tomcat (CVE-2017-12615). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-1938 KEV [KEV] Privilege Escalation in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938)
vulnerability in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `7.0.100` or later.
CVE-2020-29238 Vulnerability in nginx (CVE-2020-29238)
vulnerability in nginx (CVE-2020-29238). Confidential information can be exposed externally.
CVE-2017-13990 Information Disclosure in express (CVE-2017-13990)
vulnerability in express (CVE-2017-13990). Risk of unauthorized operations or information disclosure.
CVE-2017-12616 Information Disclosure in apache (CVE-2017-12616)
vulnerability in apache (CVE-2017-12616). Confidential information can be exposed externally.
CVE-2014-9634 Vulnerability in tomcat (CVE-2014-9634)
vulnerability in tomcat (CVE-2014-9634). Risk of unauthorized operations or information disclosure.
CVE-2014-9635 Vulnerability in tomcat (CVE-2014-9635)
vulnerability in tomcat (CVE-2014-9635). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
CVE-2017-14105 Vulnerability in tomcat (CVE-2017-14105)
vulnerability in tomcat (CVE-2017-14105). Successful exploitation can lead to full system takeover.
CVE-2016-2102 HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2016-6796 Vulnerability in apache (CVE-2016-6796)
vulnerability in apache (CVE-2016-6796). Data can be tampered with by attackers.
CVE-2017-7674 Vulnerability in apache (CVE-2017-7674)
vulnerability in apache (CVE-2017-7674). Risk of unauthorized operations or information disclosure.
CVE-2017-7675 Path Traversal in apache (CVE-2017-7675)
path traversal in apache (CVE-2017-7675). Confidential information can be exposed externally.
CVE-2016-6797 Authorization Flaw in apache (CVE-2016-6797)
vulnerability in apache (CVE-2016-6797). Confidential information can be exposed externally.
CVE-2016-6817 Buffer Overflow in apache (CVE-2016-6817)
vulnerability in apache (CVE-2016-6817). Risk of unauthorized operations or information disclosure.
CVE-2016-8745 Vulnerability in apache (CVE-2016-8745)
vulnerability in apache (CVE-2016-8745). Confidential information can be exposed externally.
CVE-2016-0762 Vulnerability in apache (CVE-2016-0762)
vulnerability in apache (CVE-2016-0762). Confidential information can be exposed externally.
CVE-2016-5018 Vulnerability in apache (CVE-2016-5018)
vulnerability in apache (CVE-2016-5018). Confidential information can be exposed externally.
CVE-2016-6794 Vulnerability in apache (CVE-2016-6794)
vulnerability in apache (CVE-2016-6794). Risk of unauthorized operations or information disclosure.
CVE-2017-7683 Information Disclosure in apache (CVE-2017-7683)
vulnerability in apache (CVE-2017-7683). Confidential information can be exposed externally.
CVE-2017-7529 Vulnerability in nginx (CVE-2017-7529)
vulnerability in nginx (CVE-2017-7529). Confidential information can be exposed externally.
CVE-2017-6712 OS Command Injection in tomcat (CVE-2017-6712)
OS command injection in tomcat (CVE-2017-6712). Successful exploitation can lead to full system takeover.
CVE-2015-1778 Authentication Bypass in org.opendaylight.odlparent:opendaylight-karaf-resources (CVE-2015-1778)
authentication bypass in org.opendaylight.odlparent:opendaylight-karaf-resources (CVE-2015-1778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.2.3-Helium-SR3` or later.
CVE-2017-6682 OS Command Injection in tomcat (CVE-2017-6682)
OS command injection in tomcat (CVE-2017-6682). Successful exploitation can lead to full system takeover.
CVE-2017-6683 OS Command Injection in tomcat (CVE-2017-6683)
OS command injection in tomcat (CVE-2017-6683). Successful exploitation can lead to full system takeover.
CVE-2017-5664 Vulnerability in apache (CVE-2017-5664)
vulnerability in apache (CVE-2017-5664). Data can be tampered with by attackers.
CVE-2017-7428 Vulnerability in tomcat (CVE-2017-7428)
vulnerability in tomcat (CVE-2017-7428). Risk of unauthorized operations or information disclosure.
CVE-2017-8301 Vulnerability in nginx (CVE-2017-8301)
vulnerability in nginx (CVE-2017-8301). Data can be tampered with by attackers.
CVE-2016-10345 Vulnerability in nginx (CVE-2016-10345)
vulnerability in nginx (CVE-2016-10345). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →