| org.apache.tomcat:tomcat-catalina |
CVE-2024-52316 |
严重 |
9.0.85 |
9.0.96, 10.1.30, 11.0.1 |
tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-52316
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-11-18 12:15 修改: 2026-06-17 08:06
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-24813 |
严重 |
9.0.85 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24813
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-03-10 17:15 修改: 2026-06-17 08:59
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-41293 |
严重 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41293
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43512 |
严重 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43512
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43515 |
严重 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: tomcat: Improper Authorization allows security bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43515
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.h2database:h2 |
CVE-2022-45868 |
高危 |
2.1.214 |
2.2.220 |
The web-based admin console in H2 Database Engine before 2.2.220 can b ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-45868
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-11-23 21:15 修改: 2026-06-17 05:10
|
| com.mysql:mysql-connector-j |
CVE-2023-22102 |
高危 |
8.0.32 |
8.2.0 |
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2023)
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-22102
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2023-10-17 22:15 修改: 2026-06-17 05:34
|
| commons-fileupload:commons-fileupload |
CVE-2025-48976 |
高危 |
1.5 |
1.6.0 |
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| commons-fileupload:commons-fileupload |
CVE-2025-48976 |
高危 |
1.5 |
1.6.0 |
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48976
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.8.0 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| commons-io:commons-io |
CVE-2024-47554 |
高危 |
2.8.0 |
2.14.0 |
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47554
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-10-03 12:15 修改: 2026-06-17 07:57
|
| net.minidev:json-smart |
CVE-2024-57699 |
高危 |
2.5.0 |
2.5.2 |
json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.15.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-07-03 13:17
|
| org.apache.tomcat:tomcat-catalina |
CVE-2024-50379 |
高危 |
9.0.85 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-50379
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-12-17 13:15 修改: 2026-06-17 08:04
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-48988 |
高危 |
9.0.85 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48988
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-52520 |
高危 |
9.0.85 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52520
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55752 |
高危 |
9.0.85 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55752
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-34483 |
高危 |
9.0.85 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34483
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-41284 |
高危 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41284
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:46
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-42498 |
高危 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42498
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:47
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43513 |
高危 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-catalina: Apache Tomcat: Improper Handling of Case Sensitivity in LockOutRealm
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43513
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat:tomcat-coyote |
CVE-2024-34750 |
高危 |
9.0.85 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Improper Handling of Exceptional Conditions
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-34750
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-07-03 20:15 修改: 2026-06-17 07:34
|
| org.apache.tomcat:tomcat-coyote |
CVE-2024-38286 |
高危 |
9.0.85 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Denial of Service in Tomcat
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38286
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-11-07 08:15 修改: 2026-06-17 07:39
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-48989 |
高危 |
9.0.85 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48989
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-08-13 13:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-53506 |
高危 |
9.0.85 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53506
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-07-10 20:15 修改: 2026-06-17 09:38
|
| org.apache.tomcat:tomcat-coyote |
CVE-2026-24734 |
高危 |
9.0.85 |
11.0.18, 10.1.52, 9.0.115 |
tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24734
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-17 19:21 修改: 2026-06-30 03:17
|
| org.apache.tomcat:tomcat-coyote |
CVE-2026-24880 |
高危 |
9.0.85 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24880
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:23
|
| org.apache.tomcat:tomcat-tribes |
CVE-2026-29146 |
高危 |
9.0.85 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-29146
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-09 20:16 修改: 2026-06-30 03:18
|
| org.apache.tomcat:tomcat-tribes |
CVE-2026-34487 |
高危 |
9.0.85 |
9.0.117, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34487
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:39
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.5.5 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-29 16:16 修改: 2026-06-30 03:19
|
| org.yaml:snakeyaml |
CVE-2017-18640 |
高危 |
1.16 |
1.26 |
snakeyaml: Billion laughs attack via alias feature
漏洞详情: https://avd.aquasec.com/nvd/cve-2017-18640
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2019-12-12 03:15 修改: 2026-06-17 01:13
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
高危 |
1.16 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1471
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-12-01 11:15 修改: 2026-06-17 04:22
|
| org.yaml:snakeyaml |
CVE-2022-25857 |
高危 |
1.16 |
1.31 |
snakeyaml: Denial of Service due to missing nested depth limitation for collections
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-25857
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-08-30 05:15 修改: 2026-06-17 04:34
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-25854 |
中危 |
9.0.85 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-25854
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-04-09 20:16 修改: 2026-06-17 10:25
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.15.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| org.apache.tomcat:tomcat-coyote |
CVE-2024-24549 |
中危 |
9.0.85 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: HTTP/2 header handling DoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-24549
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:14
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-31650 |
中危 |
9.0.85 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31650
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-52434 |
中危 |
9.0.85 |
9.0.107 |
tomcat: Apache Tomcat denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-52434
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-07-10 19:15 修改: 2026-06-17 09:36
|
| org.apache.tomcat:tomcat-coyote |
CVE-2025-66614 |
中危 |
9.0.85 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66614
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-17 19:21 修改: 2026-06-17 09:57
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.15.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.apache.tomcat:tomcat-websocket |
CVE-2024-23672 |
中危 |
9.0.85 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: WebSocket DoS with incomplete closing handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-23672
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2024-03-13 16:15 修改: 2026-06-17 07:13
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.15.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-49124 |
中危 |
9.0.85 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49124
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-49125 |
中危 |
9.0.85 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49125
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-06-16 15:15 修改: 2026-06-17 09:30
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55668 |
中危 |
9.0.85 |
11.0.8, 10.1.42, 9.0.106 |
org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session fixation via rewrite valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55668
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-08-13 14:15 修改: 2026-06-17 09:41
|
| org.yaml:snakeyaml |
CVE-2022-38749 |
中危 |
1.16 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38749
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38750 |
中危 |
1.16 |
1.31 |
snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38750
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38751 |
中危 |
1.16 |
1.31 |
snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38751
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-38752 |
中危 |
1.16 |
1.32 |
snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-38752
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-09-05 10:15 修改: 2026-06-17 04:57
|
| org.yaml:snakeyaml |
CVE-2022-41854 |
中危 |
1.16 |
1.32 |
dev-java/snakeyaml: DoS via stack overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-41854
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2022-11-11 13:15 修改: 2026-06-17 05:03
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-31651 |
低危 |
9.0.85 |
9.0.104, 10.1.40, 11.0.6 |
tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-31651
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-04-28 20:15 修改: 2026-06-17 09:10
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-46701 |
低危 |
9.0.85 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-46701
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-05-29 19:15 修改: 2026-06-17 09:26
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-55754 |
低危 |
9.0.85 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55754
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:42
|
| org.apache.tomcat:tomcat-catalina |
CVE-2025-61795 |
低危 |
9.0.85 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-61795
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2025-10-27 18:15 修改: 2026-06-17 09:50
|
| org.apache.tomcat:tomcat-catalina |
CVE-2026-43514 |
低危 |
9.0.85 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-43514
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-05-12 16:16 修改: 2026-06-17 10:49
|
| org.apache.tomcat:tomcat-coyote |
CVE-2026-24733 |
低危 |
9.0.85 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-24733
镜像层: sha256:17de22884d03d80a1c89ad3642680aa9f3af2a57d34552211ec09647c3510ec3
发布日期: 2026-02-17 19:21 修改: 2026-06-17 10:23
|