VDB
GCVE-110-MAGEIA-2026-95
GCVE-110-MAGEIA-2026-95
Advisory Published
Request smuggling via invalid chunk extension. (CVE-2026-24880)
Occasionally open redirect. (CVE-2026-25854)
TLS cipher order is not preserved. (CVE-2026-29129)
OCSP checks sometimes soft-fail even when soft-fail is disabled.
(CVE-2026-29145)
EncryptInterceptor vulnerable to padding oracle attack by default.
(CVE-2026-29146)
Fix for CVE-2025-66614 is incomplete. (CVE-2026-32990)
Incomplete escaping of JSON access logs. (CVE-2026-34483)
Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor.
(CVE-2026-34486)
Cloud membership for clustering component exposed the Kubernetes bearer
token. (CVE-2026-34487)
OCSP checks sometimes soft-fail with FFM even when soft-fail is
disabled. (CVE-2026-34500)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tomcat | 0 (affected), 9.0.117-1.mga9 (unaffected) | — |
References
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.